Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
|Download Now! Version 1.77 for Windows (64-bit)||Download Now! Version 1.77 for Windows (32-bit)|
Clients and plugins
Cppcheck is integrated with many popular development tools. For instance:
- CLion - Cppcheck plugin
- Code::Blocks - integrated
- CodeDX (software assurance tool) - integrated
- CodeLite - integrated
- CppDepend 5 - integrated
- Eclipse - Cppcheclipse
- gedit - gedit plugin
- Hudson - Cppcheck Plugin
- Jenkins - Cppcheck Plugin
- Mercurial (Linux) - pre-commit hook - Check for new errors on commit (requires interactive terminal)
- Tortoise SVN - Adding a pre-commit hook script
- Git (Linux) - pre-commit hook - Check for errors in files going into commit (requires interactive terminal)
- Visual Studio - Visual Studio plugin
- QtCreator - Qt Project Tool (qpt)
Other static analysis tools
Using a battery of tools is better than using 1 tool. Therefore we recommend that you also use other tools.
Cppcheck focus on bugs instead of stylistic issues. Therefore a tool that focus on stylistic issues could be a good addition.
Cppcheck tries very hard to avoid false positives. Sometimes people want to detect all bugs even if there will be many false warnings, for instance when they are working on a release and want to verify that there are no bugs. A tool that is much more noisy than Cppcheck might be a good addition.
Even tools that have the same design goals as Cppcheck will probably be good additions. Static analysis is such a big field, Cppcheck only covers a small fraction of it. No tool covers the whole field. The day when all manual testing will be obsolete because of some tool is very far away.
Detect various kinds of bugs in your code.
- Out of bounds checking
- Memory leaks checking
- Detect possible null pointer dereferences
- Check for uninitialized variables
- Check for invalid usage of STL
- Checking exception safety
- Warn if obsolete or unsafe functions are used
- Warn about unused or redundant code
- Detect various suspicious code indicating bugs
For a list of all checks see: http://sourceforge.net/p/cppcheck/wiki/ListOfChecks.
Both command line interface and graphical user interface are available.
Cppcheck can be extended. You can:
- look for simple patterns, see chapter about rules in the manual (pdf, html)
- define rules for functions with .cfg files, see chapter about library files in the manual (pdf, html)
- extend cppcheck with scripts, see chapter about addons in the manual (pdf, html)
You are welcome to contribute. Help is needed.
- Pick a project and test its source with the latest version of Cppcheck. Submit tickets to Trac about the issues you find in Cppcheck.
- Pick a ticket from Trac, write a test case for it (and write a comment to the ticket for which that test case has been created). Alternatively, pick a test case that fails and try to fix it. Make a patch and submit it to Trac either inline, if it is small, or otherwise - attach it as a file.
- Write articles, reviews or tell your friends about us. The more users we have, the more people we have testing and the better we can become.
- Come up with some new good checks, and create tickets in the Trac instance about them.
- Write a plugin for your favorite IDE or create a package for your distribution or operating system.
- Technical Writing
- Write better documentation for the bugs we find. Currently only a few bugs have any documentation at all.