
Static Code Analysis and Cppcheck

A brief introduction to Cppcheck, a static code analysis tool for C++ source code.


  1. Static Code Analysis · Survey of Tools · Cppcheck
  2. Goal: Provide confidence that code is correct just by looking at it (without building or executing it). Helps us find easy bugs buried in thousands of lines of code (not something people are great at).
  3. Formal Methods · Code Metrics · Reviews and Inspection
  4. Formal Methods: ◦ Mathematical! ◦ Require a mathematical model and assertions! ◦ Often require modeling the system as a finite state machine and verifying each state and transition. Code Metrics · Reviews and Inspection
  5. Formal Methods: Too difficult! Static analysis is supposed to save time. Code Metrics · Reviews and Inspection
  6. Formal Methods: Too difficult! Static analysis is supposed to save time. Code Metrics: • Identify areas where bugs are likely. • Based on measures of code complexity rooted in graph theory (e.g. cyclomatic complexity). Reviews and Inspection
  7. Formal Methods: Too difficult! Static analysis is supposed to save time. Code Metrics: Good, but doesn’t directly identify defects. Reviews and Inspection
  8. Formal Methods: Too difficult! Static analysis is supposed to save time. Code Metrics: Good, but doesn’t directly identify defects. Reviews and Inspection: • Just look at the code and try to find suspicious patterns. • Basically what we do when performing code reviews.
  9. Formal Methods: Too difficult! Static analysis is supposed to save time. Code Metrics: Good, but doesn’t directly identify defects. Reviews and Inspection: Works pretty well!
  10. Static Code Analysis · Survey of Tools · Cppcheck
  11. Three Popular Commercial Tools: ◦ PC-Lint ◦ Klocwork Insight ◦ Coverity Prevent. One Free Software Tool: ◦ Cppcheck
  12. PC-Lint: ◦ Commercial ◦ Works for C code ◦ Often reports many false positives. ◦ Probably the cheapest after Cppcheck (which is free). Klocwork Insight · Coverity Prevent · Cppcheck
  13. PC-Lint · Klocwork Insight: ◦ Commercial ◦ A spin-out of Nortel Networks ◦ Also includes project management and project visualization capabilities. Coverity Prevent · Cppcheck
  14. PC-Lint · Klocwork Insight · Coverity Prevent: ◦ Commercial ◦ Identified over 6000 bugs across 53 open-source projects. ◦ Developed from research at Stanford University. Cppcheck
  15. PC-Lint · Klocwork Insight · Coverity Prevent · Cppcheck: ◦ Open source ◦ Under active development. ◦ Has found > 400 bugs in open-source projects. ◦ Free!
  16. Static Code Analysis · Survey of Tools · Cppcheck
  17. Detects bugs in C and C++ source that compilers normally do not warn about! Cross-platform (Windows, Linux, etc.). Fancy Qt-based GUI client! ◦ Also available in a command-line version. Usable via plugins from various IDEs (but not VS): ◦ Eclipse ◦ Code::Blocks ◦ Hudson, Jenkins
  18. Packages maintained for FreeBSD, Debian and Ubuntu systems (sudo apt-get install cppcheck). Used to find bugs in many open-source projects: ◦ Linux Kernel: > 40 bugs found+fixed ◦ VLC Player: > 20 bugs found+fixed ◦ Others: 7-zip, curl, git, etc.
  19. • Bounds checking for array overruns • Memory and resource leaks • Unused private class functions • Use of deprecated functions • Wrong # of arguments given to printf or scanf • Switch cases that fall through suspiciously • Dozens of others…
  20. Possible buffer overrun. Memory leak: buf (should be “delete[] buf”). Resource leak: file.
  21. Cppcheck finds many of the issues with that code (but not all).
  22. Buffer overrun. Suspicious format specifier for a pointer to a C string (but not necessarily a bug).
  23. • Bounds checking for array overruns • Unused private class functions • Use of deprecated functions • Memory and resource leaks • Dozens of others…
  24. Pipeline: Source File → Preprocessor → Tokenizer → Simplifier → Checks → Results → Happy Developer
  25. Source: `void foo(char* str){ if (str == 0) printf(str); else printf("Whoa");}` → Tokenizer → Simplifier → `void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }`
  26. Source: `void foo(char* str){ if (str == 0) printf(str); else printf("Whoa");}` → Tokenizer → Simplifier → `void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }`. Indentation, spacing, NULL-checks and braces are normalized to simplify checks!
  27. `void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }` → Checks → Results. Each check iterates over the tokens, and reports if it finds a suspicious pattern! Checks implemented as C functions or XML documents that describe the pattern to look for. Results categorized as error, warning, style, performance, portability, or informative.
  28. Cppcheck is a free tool for finding bugs in C++ source code. It works by parsing the source code, splitting it into tokens and finding suspicious patterns in the tokens.
  29. Official project page: ◦ http://cppcheck.sourceforge.net/ Official source repository: ◦ https://github.com/danmar/cppcheck
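The tokenize → simplify → check pipeline of slides 24 to 27, as an added toy illustration in Python (not Cppcheck's own code): a tokenizer, a simplifier that rewrites `str == 0` to `! str` and braces bare if/else bodies exactly as slide 25 shows, and two pattern checks run over the resulting tokens. The function names, the two checks, and the sample input are assumptions for this example; the real tool's simplifications and checks are far richer, and the preprocessor step is omitted.

```python
import re

SAMPLE = 'void foo(char* str){ if (str == 0) printf(str); else printf("Whoa");}'  # constructed: the slide-25 function
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[A-Za-z_]\w*|\d+|==|!=|[{}()*;!,]')

def tokenize(src):
    """Tokenizer step: flatten the source into a list of tokens (preprocessor step omitted)."""
    return TOKEN_RE.findall(src)

def simplify(tokens):
    """Simplifier step: rewrite 'p == 0' as '! p', then brace single-statement if/else bodies."""
    toks = []
    for t in tokens:
        if t == "0" and len(toks) > 1 and toks[-1] == "==":
            toks[-2:] = ["!", toks[-2]]                   # 'str == 0'  ->  '! str'
        else:
            toks.append(t)
    out, i = [], 0
    while i < len(toks):
        t = toks[i]; out.append(t); i += 1
        if t == "if":                                     # copy the '( ... )' condition verbatim
            depth = 1; out.append(toks[i]); i += 1
            while depth:
                depth += (toks[i] == "(") - (toks[i] == ")"); out.append(toks[i]); i += 1
        if t in ("if", "else") and toks[i] != "{":        # assumption: no 'else if' chains
            out.append("{")                               # wrap a bare 'stmt ;' as '{ stmt ; }'
            while toks[i] != ";":
                out.append(toks[i]); i += 1
            out += [";", "}"]; i += 1
    return out

def check_format_string(tokens):
    """Check: printf whose format argument is not a string literal (slide 22's warning)."""
    return [("formatString", tokens[i + 2]) for i, t in enumerate(tokens)
            if t == "printf" and tokens[i + 1] == "(" and not tokens[i + 2].startswith('"')]

def check_null_pointer_use(tokens):
    """Check: inside 'if ( ! p ) { ... }' the null pointer p is still passed to a call."""
    for i, t in enumerate(tokens):
        if t == "if" and tokens[i + 1:i + 3] == ["(", "!"] and tokens[i + 4:i + 6] == [")", "{"]:
            p, j, depth = tokens[i + 3], i + 6, 1
            while depth:                                  # scan the braced block
                depth += (tokens[j] == "{") - (tokens[j] == "}")
                if tokens[j] == p and tokens[j - 1] == "(":
                    yield ("nullPointer", p)
                j += 1

def run(src):  # whole pipeline: tokenize -> simplify -> checks; returns (simplified tokens, findings)
    toks = simplify(tokenize(src))
    return toks, list(check_null_pointer_use(toks)) + check_format_string(toks)
```

On the sample, the simplified token stream equals the one on slide 25 and both checks fire on `str`; the second is the "not necessarily a bug" style finding from slide 22, which is why the real tool categorizes results by severity.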
