cppcheck/gui/help/manual.html

1023 lines
18 KiB
HTML
Raw Normal View History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Cppcheck 1.46</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD
><BODY
CLASS="book"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="BOOK"
><A
NAME="AEN1"
></A
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="title"
><A
NAME="AEN2"
>Cppcheck 1.46</A
></H1
><HR></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="#AEN5"
>Introduction</A
></DT
><DT
>2. <A
HREF="#AEN19"
>Getting started</A
></DT
><DD
><DL
><DT
>2.1. <A
HREF="#AEN21"
>First test</A
></DT
><DT
>2.2. <A
HREF="#AEN30"
>Checking all files in a folder</A
></DT
><DT
>2.3. <A
HREF="#AEN36"
>Excluding a file or folder from checking</A
></DT
><DT
>2.4. <A
HREF="#AEN44"
>Severities</A
></DT
><DT
>2.5. <A
HREF="#AEN65"
>Enable messages</A
></DT
><DD
><DL
><DT
>2.5.1. <A
HREF="#AEN70"
>Stylistic issues</A
></DT
><DT
>2.5.2. <A
HREF="#AEN84"
>Unused functions</A
></DT
><DT
>2.5.3. <A
HREF="#AEN88"
>Enable all checks</A
></DT
></DL
></DD
><DT
>2.6. <A
HREF="#AEN93"
>Saving results in file</A
></DT
><DT
>2.7. <A
HREF="#AEN97"
>Multithreaded checking</A
></DT
></DL
></DD
><DT
>3. <A
HREF="#AEN101"
>Preprocessor configurations</A
></DT
><DT
>4. <A
HREF="#AEN109"
>XML output</A
></DT
><DT
>5. <A
HREF="#AEN143"
>Reformatting the output</A
></DT
><DT
>6. <A
HREF="#AEN159"
>Suppressions</A
></DT
><DT
>7. <A
HREF="#AEN172"
>Leaks</A
></DT
><DD
><DL
><DT
>7.1. <A
HREF="#AEN175"
>Userdefined allocation/deallocation functions</A
></DT
></DL
></DD
><DT
>8. <A
HREF="#AEN192"
>Exception safety</A
></DT
><DT
>9. <A
HREF="#AEN212"
>Html report</A
></DT
><DT
>10. <A
HREF="#AEN224"
>Graphical user interface</A
></DT
><DD
><DL
><DT
>10.1. <A
HREF="#AEN226"
>Introduction</A
></DT
><DT
>10.2. <A
HREF="#AEN230"
>Check source code</A
></DT
><DT
>10.3. <A
HREF="#AEN234"
>Inspecting results</A
></DT
><DT
>10.4. <A
HREF="#AEN242"
>Settings</A
></DT
><DT
>10.5. <A
HREF="#AEN249"
>Project files</A
></DT
></DL
></DD
></DL
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN5"
></A
>Chapter 1. Introduction</H1
><P
>Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers
and many other analysis tools, it doesn't detect syntax errors. Cppcheck
only detects the types of bugs that the compilers normally fail to detect.
The goal is no false positives.</P
><P
>Supported code and platforms:</P
><P
></P
><UL
><LI
><P
>You can check non-standard code that includes various compiler
extensions, inline assembly code, etc.</P
></LI
><LI
><P
>Cppcheck should be compilable by any C++ compiler that handles
the latest C++ standard.</P
></LI
><LI
><P
>Cppcheck should work on any platform that has sufficient cpu and
memory.</P
></LI
></UL
><P
>Accuracy</P
><P
>Please understand that there are limits of Cppcheck. Cppcheck is
rarely wrong about reported errors. But there are many bugs that it
doesn't detect.</P
><P
>You will find more bugs in your software by testing your software
carefully, than by using Cppcheck. You will find more bugs in your
software by instrumenting your software, than by using Cppcheck. But
Cppcheck can still detect some of the bugs that you miss when testing and
instrumenting your software.</P
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN19"
></A
>Chapter 2. Getting started</H1
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN21"
>2.1. First test</A
></H2
><P
>Here is a simple code</P
><PRE
CLASS="programlisting"
>int main()
{
char a[10];
a[10] = 0;
return 0;
}</PRE
><P
>If you save that into <TT
CLASS="filename"
>file1.c</TT
> and
execute:</P
><PRE
CLASS="programlisting"
>cppcheck file1.c</PRE
><P
>The output from cppcheck will then be:</P
><PRE
CLASS="programlisting"
>Checking file1.c...
[file1.c:4]: (error) Array 'a[10]' index 10 out of bounds</PRE
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN30"
>2.2. Checking all files in a folder</A
></H2
><P
>Normally a program has many sourcefiles. And you want to check
them all. Cppcheck can check all sourcefiles in a directory:</P
><PRE
CLASS="programlisting"
>cppcheck path</PRE
><P
>If "path" is a folder then cppcheck will check all sourcefiles in
this folder.</P
><PRE
CLASS="programlisting"
>Checking path/file1.cpp...
1/2 files checked 50% done
Checking path/file2.cpp...
2/2 files checked 100% done</PRE
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN36"
>2.3. Excluding a file or folder from checking</A
></H2
><P
>There is no command to exclude a file or folder from checking. But
you can exclude a file or folder by being more careful when including
files and folders in the checking.</P
><P
>Imagine for example that the folder "src" contain the folders "a",
"b" and "c". To exclude "c" this command can be used:</P
><PRE
CLASS="programlisting"
>cppcheck src/a src/b</PRE
><P
>All files under "src/a" and "src/b" are then checked.</P
><P
>The flag <TT
CLASS="literal"
>--file-list</TT
> might also be
useful.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN44"
>2.4. Severities</A
></H2
><P
>The possible severities for messages are:</P
><P
></P
><DIV
CLASS="variablelist"
><DL
><DT
>error</DT
><DD
><P
>used when bugs are found</P
></DD
><DT
>warning</DT
><DD
><P
>suggestions about defensive programming to prevent
bugs</P
></DD
><DT
>style</DT
><DD
><P
>stylistic issues related to code cleanup (unused functions,
redundant code, constness, and such)</P
></DD
><DT
>performance</DT
><DD
><P
>suggestions for making the code faster</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN65"
>2.5. Enable messages</A
></H2
><P
>By default only <TT
CLASS="literal"
>error</TT
> messages are shown.
Through the <TT
CLASS="literal"
>--enable</TT
> command more checks can be
enabled.</P
><DIV
CLASS="section"
><HR><H3
CLASS="section"
><A
NAME="AEN70"
>2.5.1. Stylistic issues</A
></H3
><P
>With <TT
CLASS="literal"
>--enable=style</TT
> you enable most
<TT
CLASS="literal"
>warning</TT
>, <TT
CLASS="literal"
>style</TT
> and
<TT
CLASS="literal"
>performance</TT
> messages.</P
><P
>Here is a simple code example:</P
><PRE
CLASS="programlisting"
>void f(int x)
{
int i;
if (x == 0)
{
i = 0;
}
}</PRE
><P
>There are no bugs in that code so Cppcheck won't report anything
by default. To enable the stylistic messages, use the --enable=style
command:</P
><PRE
CLASS="programlisting"
>cppcheck --enable=style file3.c</PRE
><P
>The output from Cppcheck is now:</P
><P
><PRE
CLASS="programlisting"
>Checking file3.c...
[file3.c:3]: (style) Variable 'i' is assigned a value that is never used
[file3.c:3]: (style) The scope of the variable i can be reduced</PRE
></P
></DIV
><DIV
CLASS="section"
><HR><H3
CLASS="section"
><A
NAME="AEN84"
>2.5.2. Unused functions</A
></H3
><P
>This check will try to find unused functions. It is best to use
this when the whole program is checked, so that all usages is seen by
cppcheck.</P
><PRE
CLASS="programlisting"
>cppcheck --enable=unusedFunction path</PRE
></DIV
><DIV
CLASS="section"
><HR><H3
CLASS="section"
><A
NAME="AEN88"
>2.5.3. Enable all checks</A
></H3
><P
>To enable all checks your can use the
<TT
CLASS="literal"
>--enable=all</TT
> flag:</P
><PRE
CLASS="programlisting"
>cppcheck --enable=all path</PRE
></DIV
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN93"
>2.6. Saving results in file</A
></H2
><P
>Many times you will want to save the results in a file. You can
use the normal shell redirection for piping error output to a
file.</P
><PRE
CLASS="programlisting"
>cppcheck file1.c 2&#62; err.txt</PRE
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN97"
>2.7. Multithreaded checking</A
></H2
><P
>To use 4 threads to check the files in a folder:</P
><PRE
CLASS="programlisting"
>cppcheck -j 4 path</PRE
></DIV
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN101"
></A
>Chapter 3. Preprocessor configurations</H1
><P
>By default Cppcheck will check all preprocessor configurations
(except those that has #error in them). This is the recommended
behaviour.</P
><P
>But if you want to manually limit the checking you can do so with
<TT
CLASS="literal"
>-D</TT
>.</P
><P
>Beware that only the macros, which are given here and the macros
defined in source files and known header files are considered. That
excludes all the macros defined in some system header files, which are by
default not examined by cppcheck.</P
><P
>The usage: if you, for example, want to limit the checking so the
only configuration to check should be "DEBUG=1;__cplusplus" then something
like this can be used:</P
><PRE
CLASS="programlisting"
>cppcheck -DDEBUG=1 -D__cplusplus path</PRE
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN109"
></A
>Chapter 4. XML output</H1
><P
>Cppcheck can generate the output in XML format.</P
><P
>Use the --xml flag when you execute cppcheck:</P
><PRE
CLASS="programlisting"
>cppcheck --xml file1.cpp</PRE
><P
>The xml format is:</P
><PRE
CLASS="programlisting"
>&#60;?xml version="1.0"?&#62;
&#60;results&#62;
&#60;error file="file1.cpp" line="123" id="someError"
severity="error" msg="some error text"/&#62;
&#60;/results&#62;</PRE
><P
>Attributes:</P
><P
></P
><DIV
CLASS="variablelist"
><DL
><DT
>file</DT
><DD
><P
>filename. Both relative and absolute paths are possible</P
></DD
><DT
>line</DT
><DD
><P
>a number</P
></DD
><DT
>id</DT
><DD
><P
>id of error. These are always valid symbolnames.</P
></DD
><DT
>severity</DT
><DD
><P
>either <TT
CLASS="literal"
>error</TT
> or <TT
CLASS="literal"
>style</TT
>.
<TT
CLASS="literal"
>warning</TT
> and <TT
CLASS="literal"
>performance</TT
> are
saved as <TT
CLASS="literal"
>style</TT
>.</P
></DD
><DT
>msg</DT
><DD
><P
>the error message</P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN143"
></A
>Chapter 5. Reformatting the output</H1
><P
>If you want to reformat the output so it looks different you can use
templates.</P
><P
>To get Visual Studio compatible output you can use "--template
vs":</P
><PRE
CLASS="programlisting"
>cppcheck --template vs gui/test.cpp</PRE
><P
>This output will look like this:</P
><PRE
CLASS="programlisting"
>Checking gui/test.cpp...
gui/test.cpp(31): error: Memory leak: b
gui/test.cpp(16): error: Mismatching allocation and deallocation: k</PRE
><P
>To get gcc compatible output you can use "--template gcc":</P
><PRE
CLASS="programlisting"
>cppcheck --template gcc gui/test.cpp</PRE
><P
>The output will look like this:</P
><PRE
CLASS="programlisting"
>Checking gui/test.cpp...
gui/test.cpp:31: error: Memory leak: b
gui/test.cpp:16: error: Mismatching allocation and deallocation: k</PRE
><P
>You can write your own pattern (for example a comma-separated
format):</P
><PRE
CLASS="programlisting"
>cppcheck --template "{file},{line},{severity},{id},{message}" gui/test.cpp</PRE
><P
>The output will look like this:</P
><PRE
CLASS="programlisting"
>Checking gui/test.cpp...
gui/test.cpp,31,error,memleak,Memory leak: b
gui/test.cpp,16,error,mismatchAllocDealloc,Mismatching allocation and deallocation: k</PRE
><P
></P
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN159"
></A
>Chapter 6. Suppressions</H1
><P
>If you want to filter out certain errors you can suppress these.
First you need to create a suppressions file. The format is:</P
><PRE
CLASS="programlisting"
>[error id]:[filename]:[line]
[error id]:[filename2]
[error id]</PRE
><P
>The <TT
CLASS="literal"
>error id</TT
> is the id that you want to suppress.
The easiest way to get it is to use the <TT
CLASS="literal"
>--xml</TT
> command
line flag. Copy and paste the <TT
CLASS="literal"
>id</TT
> string from the xml
output.</P
><P
>Here is an example:</P
><PRE
CLASS="programlisting"
>memleak:file1.cpp
exceptNew:file1.cpp
uninitvar</PRE
><P
>You can then use the suppressions file:</P
><PRE
CLASS="programlisting"
>cppcheck --suppressions suppressions.txt src/</PRE
><P
></P
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN172"
></A
>Chapter 7. Leaks</H1
><P
>Looking for memory leaks and resource leaks is a key feature of
Cppcheck. Cppcheck can detect many common mistakes by default. But through
some tweaking you can improve the checking.</P
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN175"
>7.1. Userdefined allocation/deallocation functions</A
></H2
><P
><TT
CLASS="literal"
>Cppcheck</TT
> understands many common allocation and
deallocation functions. But not all.</P
><P
>Here is example code that might leak memory or resources:</P
><P
><PRE
CLASS="programlisting"
>void foo(int x)
{
void *f = CreateFred();
if (x == 1)
return;
DestroyFred(f);
}</PRE
></P
><P
>If you analyse that with Cppcheck it won't find any leaks:</P
><PRE
CLASS="programlisting"
>cppcheck --enable=possibleError fred1.cpp</PRE
><P
>You can add some custom leaks checking by providing simple
implementations for the allocation and deallocation functions. Write
this in a separate file:</P
><PRE
CLASS="programlisting"
>void *CreateFred()
{
return malloc(100);
}
void DestroyFred(void *p)
{
free(p);
}</PRE
><P
>When Cppcheck see this it understands that CreateFred will return
allocated memory and that DestroyFred will deallocate memory.</P
><P
>Now, execute <TT
CLASS="literal"
>Cppcheck</TT
> this way:</P
><PRE
CLASS="programlisting"
>cppcheck --append=fred.cpp fred1.cpp</PRE
><P
>The output from cppcheck is:</P
><PRE
CLASS="programlisting"
>Checking fred1.cpp...
[fred1.cpp:5]: (error) Memory leak: f</PRE
></DIV
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN192"
></A
>Chapter 8. Exception safety</H1
><P
>Cppcheck has a few checks that ensure that you don't break the basic
guarantee of exception safety. It doesn't have any checks for the strong
guarantee yet.</P
><P
>Example:</P
><PRE
CLASS="programlisting"
>Fred::Fred() : a(new int[20]), b(new int[20])
{
}</PRE
><P
>By default cppcheck will not detect any problems in that
code.</P
><P
>To enable the exception safety checking you can use
<TT
CLASS="literal"
>--enable</TT
>:</P
><PRE
CLASS="programlisting"
>cppcheck --enable=exceptNew --enable=exceptRealloc fred.cpp</PRE
><P
>The output will be:</P
><PRE
CLASS="programlisting"
>[fred.cpp:3]: (style) Upon exception there is memory leak: a</PRE
><P
>If an exception occurs when <TT
CLASS="literal"
>b</TT
> is allocated,
<TT
CLASS="literal"
>a</TT
> will leak.</P
><P
>Here is another example:</P
><PRE
CLASS="programlisting"
>int *p;
int a(int sz)
{
delete [] p;
if (sz &#60;= 0)
throw std::runtime_error("size &#60;= 0");
p = new int[sz];
}</PRE
><P
>Check that with Cppcheck:</P
><PRE
CLASS="programlisting"
>cppcheck --enable=exceptNew --enable=exceptRealloc except2.cpp</PRE
><P
>The output from Cppcheck is:</P
><PRE
CLASS="programlisting"
>[except2.cpp:7]: (error) Throwing exception in invalid state, p points at deallocated memory</PRE
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN212"
></A
>Chapter 9. Html report</H1
><P
>You can convert the xml output from cppcheck into a html report.
You'll need python and the pygments module
(<FONT
COLOR="RED"
>http://pygments.org/</FONT
>) for this to work. In the Cppcheck source
tree there is a folder "htmlreport" that contains a script that transforms
a Cppcheck xml file into html output.</P
><P
>This command generates the help screen:</P
><P
><PRE
CLASS="programlisting"
>htmlreport/cppcheck-htmlreport -h</PRE
></P
><P
>The output screen says:</P
><P
><PRE
CLASS="programlisting"
>Usage: cppcheck-htmlreport [options]
Options:
-h, --help show this help message and exit
--file=FILE The cppcheck xml output file to read defects from.
Default is reading from stdin.
--report-dir=REPORT_DIR
The directory where the html report content is written.
--source-dir=SOURCE_DIR
Base directory where source code files can be found.</PRE
></P
><P
>An example usage:</P
><PRE
CLASS="programlisting"
>./cppcheck gui/test.cpp --xml 2&#62; err.xml
htmlreport/cppcheck-htmlreport --file=err.xml --report-dir=test1 --source-dir=.</PRE
></DIV
><DIV
CLASS="chapter"
><HR><H1
><A
NAME="AEN224"
></A
>Chapter 10. Graphical user interface</H1
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="AEN226"
>10.1. Introduction</A
></H2
><P
>A Cppcheck GUI is available.</P
><P
>The main screen is shown immediately when the GUI is
started.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN230"
>10.2. Check source code</A
></H2
><P
>Use the <TT
CLASS="literal"
>Check</TT
> menu.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN234"
>10.3. Inspecting results</A
></H2
><P
>The results are shown in a list.</P
><P
>You can show/hide certain types of messages through the
<TT
CLASS="literal"
>View</TT
> menu.</P
><P
>Results can be saved to an xml file that can later be opened. See
<TT
CLASS="literal"
>Save results to file</TT
> and <TT
CLASS="literal"
>Open
XML</TT
>.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN242"
>10.4. Settings</A
></H2
><P
>The language can be changed at any time by using the
<TT
CLASS="literal"
>Language</TT
> menu.</P
><P
>More settings are available in
<TT
CLASS="literal"
>Edit</TT
>&#62;<TT
CLASS="literal"
>Preferences</TT
>.</P
></DIV
><DIV
CLASS="section"
><HR><H2
CLASS="section"
><A
NAME="AEN249"
>10.5. Project files</A
></H2
><P
>The project files are used to store project specific settings.
These settings are:</P
><P
></P
><UL
><LI
><P
>include folders</P
></LI
><LI
><P
>preprocessor defines</P
></LI
></UL
><P
>It isn't recommended to provide the paths to the standard C/C++
headers - Cppcheck has internal knowledge about ANSI C/C++ and it isn't
recommended that this known functionality is redefined. But feel free to
try it.</P
><P
>As you can read in chapter 3 in this manual the default is that
Cppcheck checks all configurations. So only provide preprocessor defines
if you want to limit the checking.</P
></DIV
></DIV
></DIV
></BODY
></HTML
>