I got a tip from Anna-Jayne Metcalfe of C++ and QA specialists Riverblade to check out Cppcheck, a free static analyser for C and C++. I ran >100 kLOC of PerfectTablePlan C++ through it and it picked up a few issues, including:
- variables uninitialised in constructors
- classes passed by value, rather than as a const reference
- variables whose scopes could be reduced
- methods that could be made const
It only took me a few minutes from downloading to getting results. And the results are a lot less noisy than lint. I’m impressed. PerfectTablePlan is heavily tested and I don’t think any of the issues found are the cause of bugs in PerfectTablePlan, but it shows the potential of the tool.
The documentation is here. But, on Windows, you just need to start the Cppcheck GUI (in C:\Program files\Cppcheck, they appear to be too modest to add a shortcut to your desktop), select Check>Directory… and browse to the source directory you want to check. Any issues found will then be displayed.
You can also set an editor to integrate with, in Edit>Preferences>Applications. Double clicking on an issue will then display the appropriate line in your editor of choice.
Cppdepend is available with a GUI on Windows and as a command line tool on a range of platforms. There is also an Eclipse plugin. See the sourceforge page for details on platforms and IDEs supported. You can even write your own Cppcheck rules.
Cppcheck could be a very valuable additional layer in my defence in depth approach to QA. I have added it to my checklist of things to do before each new release.
Successful Software 
I recommend Parasoft C++Test (trial)
They do not publish the price of the full version. Do you know how much is it?
It seems like something that should be done every build, not once per release. Hopefully there is a command line interface as well.
Probably a good idea to run it after each major new feature is added. I don’t think I could be bothered to look at the results after every check-in.
There is a command line interface.
Thanks for letting me know about this great tool! It was easy to install and it turned up some perfectly valid (though mostly benign) warts on my code.
I am particularly sensitive to ‘const’-ness & variable scoping and I was pleased to receive actionable advice on both of those.
Thanks for the reference. I develop Qt/C++ application and was thinking for alternative for Valgrind alternative for Windows.
Valgrind is a dynamic analyser IIRC. It is quite different to CppCheck, which is a static analyser. There are dynamic analysers for Windows. I don’t know if any of them are free though. For example, see:
http://www.softwareverify.com/
Avoid Rational Purify for Windows, it is lousy.
Hi Andy,
Great post, I want to try this one to address memory leaks, i’m developing a wordpress hosting like the one’s seen here: : http://easywordpressblogsetupinstructions.com/2011-our-list-of-5-top-wordpress-hosting-companies/
Any other alternatives to cppcheck? I heard about EDoC++ and Flawfinder?
CppCheck isn’t likely to be very useful for finding memory leaks. You need a dynamic analyser. See above.