CppCheck is a very helpful tool for C++ programmers. It performs static code analysis of a C++ project and discovers some types of errors which can easily be overlooked by developers and compilers: out of bounds or uninitialized variables, redundant code, always true/false comparisons, exception safety and many others (list of all CppCheck checks). If you want to maintain high code quality, you should include static code checks in your development routine.
This post contains quick setup instructions, the basic usage of CppCheck via the console and example results with comments.
Usage via console
Open the console and navigate to the project directory.
Check specific file and save the result to .txt file:
Check all files in current directory recursively:
Perform all possible checks
By default only error messages are shown. To enable more messages use the --enable flag, e.g. --enable=all will perform all checks. Other possible values:
warning (suggestions to prevent bug),
performance (suggestions for making the code faster),
information (configuration problems),
style (it enables warning, performance, portability and style messages),
unusedFunction (it should only be enabled when the whole program is scanned).
Example result and interpretation
I have cloned an open-source project, QNapi, and then tested the whole repository with CppCheck. With the default check (only error level) no deviations were detected. Congratulations to the team :). However, I go further and check with the --enable=warning flag. Now I see 9 warnings about uninitialized variables. Some of them are uninitialized member pointers – and this thing really deserves correction. Example:
The check with --enable=performance additionally produces warnings like:
This one should not make a big difference in a desktop application and can be optimized by the compiler anyway, so we can ignore it. I go further with --enable=style and I find:
This is interesting - such a piece of code probably does not work the intended way:
Whatever the purpose of the bad variable was, we can suspect that it is not correctly done, since the value of bad is never incremented in this snippet.
The analysis is very fast - for such small projects it lasts about one second. Detected bugs probably would not be found quickly without the help of this tool. In my opinion running the static analysis test is well-spent time. After having the results, we can make some improvements in our code.
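As an added illustration (constructed for this article, not QNapi's code and not the snippets from the analysis above), the following file shows the two kinds of findings discussed: an uninitialized member pointer and a counter that is tested but never incremented, each beside a corrected form. All class and function names are hypothetical.

```cpp
// Constructed example; names are hypothetical, not taken from QNapi.
// Analyse with: cppcheck --enable=warning,style example.cpp
#include <iostream>
#include <string>
#include <vector>

// Before: the constructor leaves the member pointer indeterminate.
// The uninitialized-member check (warning severity) targets this.
class DownloadJobBefore {
public:
    DownloadJobBefore() {}
    bool hasBuffer() const { return buffer != nullptr; } // garbage read
private:
    char *buffer;
};

// After: every member gets a defined value in the initializer list.
class DownloadJobAfter {
public:
    DownloadJobAfter() : buffer(nullptr) {}
    bool hasBuffer() const { return buffer != nullptr; }
private:
    char *buffer;
};

// Before: 'bad' is tested but never incremented, so empty lines are
// never reported and the function returns true for any input.
bool allLinesValidBefore(const std::vector<std::string> &lines) {
    int bad = 0;
    for (const std::string &line : lines) {
        if (line.empty())
            continue; // the increment was forgotten here
    }
    return bad == 0;
}

// After: the counter is actually updated.
bool allLinesValidAfter(const std::vector<std::string> &lines) {
    int bad = 0;
    for (const std::string &line : lines) {
        if (line.empty())
            ++bad;
    }
    return bad == 0;
}

int main() {
    const std::vector<std::string> sample = {"first", "", "third"}; // constructed input
    std::cout << allLinesValidBefore(sample) << ' ' << allLinesValidAfter(sample) << '\n';
    return 0;
}
```

Both "before" forms compile cleanly with default compiler settings, which is why this class of defect tends to survive until a static analysis pass.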
Integrate CppCheck with Eclipse
CppCheck can be easily integrated with Eclipse. Read the Code Yarns article How to use CPPCheck with Eclipse CDT for comprehensive step-by-step setup instructions.
Other static analysis tools
It’s rather hard to find a free substitute for CppCheck. A lot of commercial static code analysis tools are available on the market (e.g. QAC, Klocwork), but if we focus on the open source tools the choice becomes dramatically smaller. For now, I haven’t found any other noteworthy tool for C++. Any comments and suggestions about alternatives are welcome.