Direkt zum Hauptbereich

Static analysis tool: cppcheck

This post shall be the start of a loose series on static code analysis tools that I've been using when professionally coding.
The tools should be compared against the same code base, so that one could get an impression what the benefits and flaws of a certain tool are.

Please put your questions/suggestions into the comments.

Today's tool should be cppcheck.

Supported Languages

  • C
  • C++
Dependencies (besides gcc)
  • libprce
Special features
  • custom rules for checking can be applied as prce-compatible regular expressions

Testing

  • Under test shall be the unmodified code of busybox version 1.29.2 as to be found as yocto-poky layer at gitrev 3541f019a505d18263fad0b46b88d470e3fd9d62.
  • As configuration for yocto the standard configuration is used.
  • cppcheck is used in version 1.87

Number of total findings in code: 308
Number of different finding types: 26

Findings in details class vs. count

nullPointer 3
memleakOnRealloc 2
nullPointerArithmeticRedundantCheck 2
shiftNegative 1
uninitvar 69
redundantAssignInSwitch 2
va_end_missing 2
invalidPrintfArgType_sint 35
invalidScanfArgType_int 22
signConversion 2
identicalConditionAfterEarlyExit 1
bufferAccessOutOfBounds 1
integerOverflow 2
uselessAssignmentPtrArg 1
invalidscanf 6
wrongPrintfScanfArgNum 1
shiftTooManyBitsSigned 13
leakNoVarFunctionCall 1
selfAssignment 71
constStatement 1
invalidPrintfArgType_uint 43
nullPointerRedundantCheck 3
resourceLeak 1
ignoredReturnValue 2
shiftTooManyBits 3
allocaCalled 18

Conclusion

Overall nive performance and quality of findings. Finds many common mistakes done when writing C-code.

Pros
  • Easy to build
  • Good quality of findings
  • Find the important stuff like shiftTooManyBits or integerOverflow
  • Extendible by custom rules
  • Relatively fast while executing 
Cons
  • Not many
  • Custom rules are hard to write (prce-regex in single-line mode (sic))
BTW if you want to use cppcheck out of the box in your YOCTO build see here

Kommentare