diff --git a/man/manual.docbook b/man/manual.docbook
index eb56b7d53..2438ad750 100644
--- a/man/manual.docbook
+++ b/man/manual.docbook
@@ -5,7 +5,7 @@
Cppcheck 1.75
- 2016-07-27
+ 2016-08-13
@@ -89,6 +89,27 @@ Checking path/file2.cpp...
2/2 files checked 100% done
+
+ Check files manually or use project file
+
+ With Cppcheck you can check files manually, by specifying
+ files/paths to check and settings. Or you can use a project file
+ (cmake/visual studio).
+
+ Using the project file is quicker since it requires very little
+ configuration from you.
+
+ Checking files manually gives you better control of the
+ analysis.
+
+ We don't know which approach will give you the best results. It is
+ recommended that you try both. It is possible that you will get
+ different results so that to find most bugs you need to use both
+ approaches.
+
+ Later chapters will describe this in more detail.
+
+
Excluding a file or folder from checking
@@ -108,27 +129,6 @@ Checking path/file2.cpp...
cppcheck -isrc/c src
-
- Include paths
-
- To add an include path, use -I, followed by the path.
-
- Cppcheck's preprocessor basically handles includes like any other
- preprocessor. However, while other preprocessors stop working when they
- encounter a missing header, cppcheck will just print an information
- message and continues parsing the code.
-
- The purpose of this behaviour is that cppcheck is meant to work
- without necessarily seeing the entire code. Actually, it is recommended
- to not give all include paths. While it is useful for cppcheck to see
- the declaration of a class when checking the implementation of its
- members, passing standard library headers is highly discouraged because
- it will result in worse results and longer checking time. For such
- cases, .cfg files (see below) are the better way to provide information
- about the implementation of functions and types to cppcheck.
-
-
Severities
@@ -305,19 +305,85 @@ cppcheck --enable=all
+
+ Project
+
+ When you use CMake or Visual Studio you can use
+ --project to analyse your project.
+
+ It will give you quick and easy results. There is not much
+ configuration you need to do. But it is hard to say if this will give you
+ the best results, it is recommended that you try it and also try to
+ analyse your source code without --project and see
+ which option works best for you.
+
+
+ CMake
+
+ Cppcheck can understand compile databases. You can generate these
+ with CMake.
+
+ Example:
+
+ $ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .
+
+ The file compile_commands.json is created in
+ the current folder.
+
+ Now run Cppcheck like this:
+
+ $ cppcheck --project=compile_commands.json
+
+
+
+ Visual Studio
+
+ You can run Cppcheck on individual project files (*.vcxproj) or on
+ a whole solution (*.sln)
+
+ # run cppcheck on a whole solution
+$ cppcheck --project=foobar.sln
+
+# run cppcheck on a individual project
+$ cppcheck --project=foobar.vcxproj
+
+ Please note that there is also a Visual Studio plugin that allows
+ you to run cppcheck inside Visual Studio.
+
+
+
- Preprocessor configurations
+ Preprocessor settings
- By default Cppcheck will check all preprocessor configurations
- (except those that have #error in them).
+ If you use --project then Cppcheck will use the
+ preprocessor settings from the project file.
- You can use -D to change this. When you use -D, cppcheck will by
- default only check the given configuration and nothing else. This is how
- compilers work. But you can use --force or
- --max-configs to override the number of
- configurations.
+ Otherwise you'll probably want to configure the include paths,
+ defines etc.
- # check all configurations
+
+ Defines
+
+ Here is a file that has 2 configurations (with A defined and
+ without A):
+
+ #ifdef A
+ x = y;
+#else
+ x = z;
+#endif
+
+ By default Cppcheck will check all preprocessor configurations
+ (except those that have #error in them). So the above code will be
+ analysed both when A is defined and when it is not.
+
+ You can use -D to change this. When you use -D, cppcheck will by
+ default only check the given configuration and nothing else. This is how
+ compilers work. But you can use --force or
+ --max-configs to override the number of
+ configurations.
+
+ # check all configurations
cppcheck file.c
# only check the configuration A
@@ -326,13 +392,35 @@ cppcheck -DA file.c
# check all configurations when macro A is defined
cppcheck -DA --force file.c
- Another useful flag might be -U. It undefines a symbol. Example
- usage:
+ Another useful flag might be -U. It undefines a symbol. Example
+ usage:
- cppcheck -UX file.c
+ cppcheck -UX file.c
- That will mean that X is not defined. Cppcheck will not check what
- happens when X is defined.
+ That will mean that X is not defined. Cppcheck will not check what
+ happens when X is defined.
+
+
+
+ Include paths
+
+ To add an include path, use -I, followed by the path.
+
+ Cppcheck's preprocessor basically handles includes like any other
+ preprocessor. However, while other preprocessors stop working when they
+ encounter a missing header, cppcheck will just print an information
+ message and continues parsing the code.
+
+ The purpose of this behaviour is that cppcheck is meant to work
+ without necessarily seeing the entire code. Actually, it is recommended
+ to not give all include paths. While it is useful for cppcheck to see
+ the declaration of a class when checking the implementation of its
+ members, passing standard library headers is highly discouraged because
+ it will result in worse results and longer checking time. For such
+ cases, .cfg files (see below) are the better way to provide information
+ about the implementation of functions and types to cppcheck.
+
@@ -721,12 +809,10 @@ Checking test.c...
Here is an example program:
-
- void test()
+ void test()
{
HPEN pen = CreatePen(PS_SOLID, 1, RGB(255,0,0));
-}
-
+}
The code example above has a resource leak -
CreatePen() is a WinAPI function that creates a
@@ -753,11 +839,11 @@ Checking pen1.c...
</resource>
</def>
- The allocation and deallocation functions are organized in groups.
- Each group is defined in a <resource> or
- <memory> tag and is identified by its
- <dealloc> functions. This means, groups with
- overlapping <dealloc> tags are merged.
+ The allocation and deallocation functions are organized in
+ groups. Each group is defined in a <resource>
+ or <memory> tag and is identified by its
+ <dealloc> functions. This means, groups with
+ overlapping <dealloc> tags are merged.