Cppcheck – A free static analyser for C and C++

I got a tip from Anna-Jayne Metcalfe of C++ and QA specialists Riverblade to check out Cppcheck, a free static analyser for C and C++. I ran >100 kLOC of PerfectTablePlan C++ through it and it picked up a few issues, including:

  • variables uninitialised in constructors
  • classes passed by value, rather than as a const reference
  • variables whose scopes could be reduced
  • methods that could be made const

It only took me a few minutes from downloading to getting results. And the results are a lot less noisy than lint. I’m impressed. PerfectTablePlan is heavily tested and I don’t think any of the issues found are the cause of bugs in PerfectTablePlan, but it shows the potential of the tool.

The documentation is here. But, on Windows, you just need to start the Cppcheck GUI (in C:\Program files\Cppcheck, they appear to be too modest to add a shortcut to your desktop), select Check>Directory… and browse to the source directory you want to check. Any issues found will then be displayed.

You can also set an editor to integrate with, in Edit>Preferences>Applications. Double clicking on an issue will then display the appropriate line in your editor of choice.

Cppdepend is available with a GUI on Windows and as a command line tool on a range of platforms. There is also an Eclipse plugin. See the sourceforge page for details on platforms and IDEs supported. You can even write your own Cppcheck rules.

Cppcheck could be a very valuable additional layer in my defence in depth approach to QA. I have added it to my checklist of things to do before each new release.

9 thoughts on “Cppcheck – A free static analyser for C and C++

    1. Andy Brice Post author

      Probably a good idea to run it after each major new feature is added. I don’t think I could be bothered to look at the results after every check-in.

      There is a command line interface.

  1. CoreTech

    Thanks for letting me know about this great tool! It was easy to install and it turned up some perfectly valid (though mostly benign) warts on my code.

    I am particularly sensitive to ‘const’-ness & variable scoping and I was pleased to receive actionable advice on both of those.

  2. Ross

    Thanks for the reference. I develop Qt/C++ application and was thinking for alternative for Valgrind alternative for Windows.

    1. Andy Brice Post author

      Valgrind is a dynamic analyser IIRC. It is quite different to CppCheck, which is a static analyser. There are dynamic analysers for Windows. I don’t know if any of them are free though. For example, see:

      http://www.softwareverify.com/

      Avoid Rational Purify for Windows, it is lousy.

Comments are closed.