cppcheck/philosophy.md


# Cppcheck Philosophy

It is important that everybody in the Cppcheck team has a consistent idea about how this tool should work.

This is a static analyzer tool.

## Usability

Usability is very important. It's more important that Cppcheck is usable than finding all bugs.
 - We don't want to have tons of configurations options.
 - It's very important that warning messages are well written and with enough details.
 - Speed is very important. --check-level=exhaustive can be used when user accept slow analysis.

## Normal analysis - No false positives

A fundamental goal is "no false positives".

It is not possible to achieve "no false positives" completely. One case where false positives are OK is when the code is garbage.

If the code is written as it is by design, then our goal is to not show any false positives.

If it is not known if there is a problem, then in general we need to bailout to avoid false positives. We can only warn when we see that there is a problem.

Stylistic checks are much more prone to false positives and therefore we should avoid writing stylistic checks mostly.

Reporting issues in Trac:
 - If you see a false negative; report that as an enhancement.
 - If you see a false positive; report that as a defect.

### Inconclusive messages

If cppcheck can't determine that there is a problem or not, then the analysis is inconclusive.

If the user enables inconclusive warnings and we guess that the probability there is a real problem is at least 50-50 then it's OK to write a inconclusive warning.

Inconclusive messages shall not be used for new checks which are just being developed. There `settings.experimental` can be used.


## No configuration

We want that a user can run Cppcheck without explicit -D and -I configuration.

When this happens the false positives should be avoided. The user can reduce false negatives with configuration.


## Allow compiler extensions

This is not just a tool for mainstream gcc/msvc c/c++ developers. If you can compile the code with a C/C++ compiler then our goal is that Cppcheck can check it.


## C++ language

Our goal is to be highly portable. Users must be able to compile Cppcheck with GCC 4.8 or Visual Studio 2013.

No C++14 is allowed. A subset of C++11 is allowed.


## Avoid dependencies

We are very careful about dependencies.
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
documentation 2020-05-08 20:15:54 +02:00			`# Cppcheck Philosophy`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`It is important that everybody in the Cppcheck team has a consistent idea about how this tool should work.`

philosophy.md : Describe inconclusive messages (#2841) Inspired by https://github.com/danmar/cppcheck/pull/2839 inconclusive messages are added to this document. 2021-01-18 19:58:06 +01:00			`This is a static analyzer tool.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
philosophy.md: minor tweaks. add section about usability. [ci skip] (#5730) 2023-12-06 11:13:42 +01:00			`## Usability`

			`Usability is very important. It's more important that Cppcheck is usable than finding all bugs.`
			`- We don't want to have tons of configurations options.`
			`- It's very important that warning messages are well written and with enough details.`
			`- Speed is very important. --check-level=exhaustive can be used when user accept slow analysis.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
documentation 2020-05-08 20:15:54 +02:00			`## Normal analysis - No false positives`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`A fundamental goal is "no false positives".`

			`It is not possible to achieve "no false positives" completely. One case where false positives are OK is when the code is garbage.`

philosophy.md: minor tweaks. add section about usability. [ci skip] (#5730) 2023-12-06 11:13:42 +01:00			`If the code is written as it is by design, then our goal is to not show any false positives.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
philosophy.md: minor tweaks. add section about usability. [ci skip] (#5730) 2023-12-06 11:13:42 +01:00			`If it is not known if there is a problem, then in general we need to bailout to avoid false positives. We can only warn when we see that there is a problem.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`Stylistic checks are much more prone to false positives and therefore we should avoid writing stylistic checks mostly.`

documentation 2020-05-08 20:15:54 +02:00			`Reporting issues in Trac:`
			`- If you see a false negative; report that as an enhancement.`
			`- If you see a false positive; report that as a defect.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
philosophy.md : Describe inconclusive messages (#2841) Inspired by https://github.com/danmar/cppcheck/pull/2839 inconclusive messages are added to this document. 2021-01-18 19:58:06 +01:00			`### Inconclusive messages`

philosophy.md: minor tweaks. add section about usability. [ci skip] (#5730) 2023-12-06 11:13:42 +01:00			`If cppcheck can't determine that there is a problem or not, then the analysis is inconclusive.`

			`If the user enables inconclusive warnings and we guess that the probability there is a real problem is at least 50-50 then it's OK to write a inconclusive warning.`

philosophy.md : Describe inconclusive messages (#2841) Inspired by https://github.com/danmar/cppcheck/pull/2839 inconclusive messages are added to this document. 2021-01-18 19:58:06 +01:00			Inconclusive messages shall not be used for new checks which are just being developed. There `settings.experimental` can be used.
documentation 2020-05-08 20:15:54 +02:00

			`## No configuration`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`We want that a user can run Cppcheck without explicit -D and -I configuration.`

			`When this happens the false positives should be avoided. The user can reduce false negatives with configuration.`


documentation 2020-05-08 20:15:54 +02:00			`## Allow compiler extensions`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`This is not just a tool for mainstream gcc/msvc c/c++ developers. If you can compile the code with a C/C++ compiler then our goal is that Cppcheck can check it.`


documentation 2020-05-08 20:15:54 +02:00			`## C++ language`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
bumped minimum supported GCC version to 4.8 (#3768) 2022-02-05 17:57:32 +01:00			`Our goal is to be highly portable. Users must be able to compile Cppcheck with GCC 4.8 or Visual Studio 2013.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
bumped minimum supported GCC version to 4.8 (#3768) 2022-02-05 17:57:32 +01:00			`No C++14 is allowed. A subset of C++11 is allowed.`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00

documentation 2020-05-08 20:15:54 +02:00			`## Avoid dependencies`
Added a philosophy.md document. 2018-09-06 20:14:55 +02:00
			`We are very careful about dependencies.`