Cppcheck

Cppcheck 2.12

Windows
cppcheck-2.12.0-x64-Setup.msi | 19.43 MB
PriceFree
Version2.12
Release DateNovember 21, 2023
PublisherCppcheck - https://cppcheck.sourceforge.io
Publisher's Description

Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives. Cppcheck is designed to be able to analyze your C/C++ code even if it has non-standard syntax (common in embedded projects).

Features

Unique code analysis that detect various kinds of bugs in your code.

Both command line interface and graphical user interface are available.

Cppcheck has a strong focus on detecting undefined behaviour.

Unique analysis

Using several static analysis tools can be a good idea. There are unique features in each tool. This has been established in many studies.

So what is unique in Cppcheck.

Cppcheck uses unsound flow sensitive analysis. Several other analyzers use path sensitive analysis based on abstract interpretation, that is also great however that has both advantages and disadvantages. In theory by definition, it is better with path sensitive analysis than flow sensitive analysis. But in practice, it means Cppcheck will detect bugs that the other tools do not detect.

In Cppcheck the data flow analysis is not only "forward" but "bi-directional". Most analyzers will diagnose this:

void foo(int x)
{

int buf[10];

if (x == 1000) buf[x] = 0; // <- ERROR

}

Most tools can determine that the array index will be 1000 and there will be overflow.

Cppcheck will also diagnose this:

void foo(int x)
{

int buf[10];

buf[x] = 0; // <- ERROR

if (x == 1000) {}

}

Undefined behaviour

  • Dead pointers
  • Division by zero
  • Integer overflows
  • Invalid bit shift operands
  • Invalid conversions
  • Invalid usage of STL
  • Memory management
  • Null pointer dereferences
  • Out of bounds checking
  • Uninitialized variables
  • Writing const data