Cppcheck is an open source static code analyzer tool for C/C++. With its default arguments, it produces quite a low rate of false positives and identifies numerous areas in which bugs can be fixed, scope reduced, performance enhanced, and so forth.
Basic Usage
In its simplest form, Cppcheck only needs to be run as:
./cppcheck path_to_check
Tips / Suggested Usage
Run that way, cppcheck will not do a lot of things you'll want it to do and will do some things you don't want it to do. A more appropriate command line looks like:
./cppcheck --force --inline-suppr --template '{file}:{line},{severity},{id},{message}' -I "$EXTRA_INCLUDE_PATHS" -q $( for b in $( for a in $(find "$CODE_PATH" | grep -E '\.h$' ); do dirname $a; dirname $(dirname $a); done | sort -u); do echo -n " -I $b" ; done) "$CODE_PATH" >err.txt 2>err2.txt; more err2.txt
We will look at each of those arguments in a little more detail:
* --force: Without --force, cppcheck will give up whenever the code gets too complicated. Which, at least in ITK, is "usually".
* --inline-suppr: This tells cppcheck to enable "suppressions". Suppressions are comments of the form "// cppcheck-suppress ErrorType", which says that if cppcheck finds an error of that type on the next line, ignore it. This is a way to suppress false positives.
* --template: This tells cppcheck to use a different format for outputting its errors. The main addition is the inclusion of id, which lets us see what the error type is so that we can suppress if necessary.
* -I: Allows the user to specify extra include paths. Without it, cppcheck may not be able to find out where everything is in order to look for errors. (Note the capital letter: lowercase -i does the opposite and excludes a file or directory from the check.)
* -q: Means "quiet", which eliminates a lot of spam and makes sifting through the output a lot easier.
* The nested for loops are a way to make sure that all include files are examined by cppcheck. You can try omitting them, but you may need them in some cases.
* The redirection at the end saves the output. All errors will be in err2.txt (stderr). There must be no space between 2 and >, otherwise the shell passes 2 to cppcheck as an argument and sends stdout to err2.txt instead.
It is also possible to turn on additional checks, but I do not recommend them. The overwhelming majority of them were false positives.
Sifting Through Your Results
In theory, you can just go through the results of err2.txt; however, in practice, you may want to cat err2.txt and grep out (grep -v) "errors" that you discover aren't really errors. For example, grep -v ThirdParty was useful in examining ITK.
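The filtering step above, as an added example that is not part of the original page: the function below assumes the report was written with the --template shown earlier, drops findings whose path matches a pattern such as ThirdParty, and counts what remains per severity and id so the most frequent error types can be reviewed (or suppressed) first. The function names and the sample report lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the report was produced
# with --template '{file}:{line},{severity},{id},{message}'.

# Constructed sample report; the paths and messages are made up for illustration.
sample_report() {
    cat <<'EOF'
src/core/foo.cxx:42,error,uninitvar,Uninitialized variable: count
src/core/foo.cxx:87,error,memleak,Memory leak: buffer
src/io/bar.cxx:12,error,memleak,Memory leak: tmp, allocated in loop
src/ThirdParty/zlib/inflate.c:301,error,uninitvar,Uninitialized variable: state
src/core/baz.h:19,performance,passedByValue,Parameter 'name' should be passed by reference.
Checking src/core/foo.cxx...
EOF
}

# triage_cppcheck REPORT [EXCLUDE_REGEX]
# Prints "count,severity,id" for every finding whose path does not match
# EXCLUDE_REGEX, most frequent first.
triage_cppcheck() {
    report=$1
    exclude=${2:-'^$'}    # default pattern matches no real path
    awk -v exclude="$exclude" '
    {
        # Split on the first three commas only; the message may contain more.
        rest = $0
        for (i = 1; i <= 3; i++) {
            p = index(rest, ",")
            if (p == 0) next      # not a finding (e.g. a progress line)
            f[i] = substr(rest, 1, p - 1)
            rest = substr(rest, p + 1)
        }
        file = f[1]
        sub(/:[0-9]*$/, "", file) # strip the trailing ":line"
        if (file ~ exclude) next  # like grep -v, but applied to the path only
        count[f[2] "," f[3]]++
    }
    END { for (k in count) print count[k] "," k }
    ' "$report" | sort -t, -k1,1nr -k2,3
}

# Demo run: ignore third-party code, as the text does for ITK.
demo_report=$(mktemp)
sample_report > "$demo_report"
triage_cppcheck "$demo_report" 'ThirdParty'
rm -f "$demo_report"
```

Matching the pattern against the path only, rather than the whole line, keeps a finding whose message merely mentions the excluded word.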
Cautions
Note that some things cppcheck reports may not be false positives if your application is standalone, but if things build against your application, the recommended changes may cause problems. A notable example from ITK was when it recommended, for performance, changing some functions to pass-by-reference. This is generally a good idea, but could break legacy code.