Pris | Gratis |
Versjon | 2.12 |
Utgivelsesdato | November 21, 2023 |
Forlegger | Cppcheck - https://cppcheck.sourceforge.io |
Forlagets beskrivelse |
Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives. Cppcheck is designed to be able to analyze your C/C++ code even if it has non-standard syntax (common in embedded projects).
Features
Unique code analysis that detect various kinds of bugs in your code.
Both command line interface and graphical user interface are available.
Cppcheck has a strong focus on detecting undefined behaviour.
Unique analysis
Using several static analysis tools can be a good idea. There are unique features in each tool. This has been established in many studies.
So what is unique in Cppcheck.
Cppcheck uses unsound flow sensitive analysis. Several other analyzers use path sensitive analysis based on abstract interpretation, that is also great however that has both advantages and disadvantages. In theory by definition, it is better with path sensitive analysis than flow sensitive analysis. But in practice, it means Cppcheck will detect bugs that the other tools do not detect.
In Cppcheck the data flow analysis is not only "forward" but "bi-directional". Most analyzers will diagnose this:
void foo(int x)
{
int buf[10];
if (x == 1000) buf[x] = 0; // <- ERROR
}
Most tools can determine that the array index will be 1000 and there will be overflow.
Cppcheck will also diagnose this:
void foo(int x)
{
int buf[10];
buf[x] = 0; // <- ERROR
if (x == 1000) {}
}
Undefined behaviour