diff --git a/man/cppcheck-design.docbook b/man/cppcheck-design.docbook index f34dc0e12..3435b6244 100644 --- a/man/cppcheck-design.docbook +++ b/man/cppcheck-design.docbook @@ -94,7 +94,7 @@ analysis can be needed to avoid false warnings. Here is an example that logically is the same as the previous example: - void f1(char *s) + void f1(char *s) { s[20] = 0; } @@ -105,7 +105,9 @@ void f2() if (x + y == 2) { f1(a); } -}Cppcheck will report this message: +} + + Cppcheck will report this message: Array 'a[10]' index 20 out of bounds @@ -116,7 +118,7 @@ void f2() prove that "x+y==2" can be true when the function is called from "f2". No error message is reported for this code: - void f1(char *s) + void f1(char *s) { if (x + y == 2) { s[20] = 0; @@ -127,7 +129,7 @@ void f2() { char a[10]; f1(a); -} +}
diff --git a/man/manual.docbook b/man/manual.docbook index f0f3ef59c..1bdca18ac 100644 --- a/man/manual.docbook +++ b/man/manual.docbook @@ -106,11 +106,12 @@ Checking path/file2.cpp... cppcheck src/a src/b - All files under "src/a" and "src/b" are then checked. + All files under src/a and + src/b are then checked. - The second option is to use -i, with it you - specify files/paths to ignore. With this command no files in "src/c" are - checked: + The second option is to use -i, + with it you specify files/paths to ignore. With this command no files in + src/c are checked: cppcheck -isrc/c src
@@ -174,16 +175,17 @@ Checking path/file2.cpp...
Enable messages - By default only error messages are shown. - Through the --enable command more checks can be - enabled. + By default only error messages + are shown. Through the --enable + command more checks can be enabled.
Stylistic issues - With --enable=style you enable most - warning, style and - performance messages. + With --enable=style you + enable most warning, + style and + performance messages. Here is a simple code example: @@ -197,16 +199,16 @@ Checking path/file2.cpp... } There are no bugs in that code so Cppcheck won't report anything - by default. To enable the stylistic messages, use the --enable=style - command: + by default. To enable the stylistic messages, use the + --enable=style command: cppcheck --enable=style file3.c The output from Cppcheck is now: - Checking file3.c... + Checking file3.c... [file3.c:3]: (style) Variable 'i' is assigned a value that is never used -[file3.c:3]: (style) The scope of the variable i can be reduced +[file3.c:3]: (style) The scope of the variable i can be reduced
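Review bot: the re-wrapped sentences here still call `--enable` a "command" ("Through the --enable command more checks can be enabled", "use the --enable=style command"), while the next hunk calls `--enable=all` a "flag" and the suppressions text says "command line option". These lines are being touched anyway, so settle on one term, for example "option", so readers do not go looking for a separate subcommand.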
@@ -223,7 +225,7 @@ Checking path/file2.cpp... Enable all checks To enable all checks your can use the - --enable=all flag: + --enable=all flag: cppcheck --enable=all path
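Review bot: typo in the unchanged context line directly above the edited one: "To enable all checks your can use the" should read "you can use the". The sentence is already part of this change, so it is worth fixing in the same pass.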
@@ -248,7 +250,7 @@ Checking path/file2.cpp...
- + Preprocessor configurations By default Cppcheck will check all preprocessor configurations @@ -256,16 +258,16 @@ Checking path/file2.cpp... behaviour. But if you want to manually limit the checking you can do so with - -D. + -D. Beware that only the macros, which are given here and the macros defined in source files and known header files are considered. That excludes all the macros defined in some system header files, which are by - default not examined by cppcheck. + default not examined by Cppcheck. The usage: if you, for example, want to limit the checking so the - only configuration to check should be "DEBUG=1;__cplusplus" then something - like this can be used: + only configuration to check should be DEBUG=1;__cplusplus + then something like this can be used: cppcheck -DDEBUG=1 -D__cplusplus path @@ -275,7 +277,8 @@ Checking path/file2.cpp... Cppcheck can generate the output in XML format. - Use the --xml flag when you execute cppcheck: + Use the --xml flag when you + execute cppcheck: cppcheck --xml file1.cpp @@ -291,7 +294,7 @@ Checking path/file2.cpp... - file + file filename. Both relative and absolute paths are possible @@ -299,7 +302,7 @@ Checking path/file2.cpp... - line + line a number @@ -307,7 +310,7 @@ Checking path/file2.cpp... - id + id id of error. These are always valid symbolnames. @@ -315,17 +318,18 @@ Checking path/file2.cpp... - severity + severity - either error or style. - warning and performance are - saved as style. + either error or + style. + warning and performance + are saved as style. - msg + msg the error message @@ -340,8 +344,8 @@ Checking path/file2.cpp... If you want to reformat the output so it looks different you can use templates. - To get Visual Studio compatible output you can use "--template - vs": + To get Visual Studio compatible output you can use + --template vs: cppcheck --template vs gui/test.cpp 
@@ -351,7 +355,8 @@ Checking path/file2.cpp... gui/test.cpp(31): error: Memory leak: b gui/test.cpp(16): error: Mismatching allocation and deallocation: k - To get gcc compatible output you can use "--template gcc": + To get gcc compatible output you can use + --template gcc: cppcheck --template gcc gui/test.cpp @@ -371,30 +376,29 @@ gui/test.cpp:16: error: Mismatching allocation and deallocation: kChecking gui/test.cpp... gui/test.cpp,31,error,memleak,Memory leak: b gui/test.cpp,16,error,mismatchAllocDealloc,Mismatching allocation and deallocation: k - - Suppressions If you want to filter out certain errors you can suppress these. - The --suppress= command line option is used to specify - suppressions on the command line. The format is one of: + The --suppress= command line option + is used to specify suppressions on the command line. + The format is one of: [error id]:[filename]:[line] [error id]:[filename2] [error id] - The error id is the id that you want to suppress. - The easiest way to get it is to use the --xml command - line flag. Copy and paste the id string from the XML - output. This may be * to suppress all warnings (for a specified file or - files). + The error id is the id that you want to suppress. + The easiest way to get it is to use the --xml + command line flag. Copy and paste the id string from the XML + output. This may be * to suppress all warnings (for a + specified file or files). - The filename may include the wildcard characters - * or ?, which match any sequence of characters or any single character - respectively. + The filename may include the wildcard characters + * or ?, which match any sequence of + characters or any single character respectively. cppcheck --suppress=memleak:file1.cpp src/ @@ -410,8 +414,6 @@ uninitvar You can then use the suppressions file: cppcheck --suppressions suppressions.txt src/ - - @@ -424,18 +426,18 @@ uninitvar
User-defined allocation/deallocation functions - Cppcheck understands many common allocation and + Cppcheck understands many common allocation and deallocation functions. But not all. Here is example code that might leak memory or resources: - void foo(int x) + void foo(int x) { void *f = CreateFred(); if (x == 1) return; DestroyFred(f); -} +} If you analyse that with Cppcheck it won't find any leaks: @@ -455,14 +457,15 @@ void DestroyFred(void *p) free(p); } - When Cppcheck see this it understands that CreateFred will return - allocated memory and that DestroyFred will deallocate memory. + When Cppcheck see this it understands that CreateFred() + will return allocated memory and that DestroyFred() + will deallocate memory. - Now, execute Cppcheck this way: + Now, execute cppcheck this way: cppcheck --append=fred.cpp fred1.cpp - The output from cppcheck is: + The output from cppcheck is: Checking fred1.cpp... [fred1.cpp:5]: (error) Memory leak: f @@ -482,11 +485,11 @@ void DestroyFred(void *p) { } - By default cppcheck will not detect any problems in that + By default Cppcheck will not detect any problems in that code. To enable the exception safety checking you can use - --enable: + --enable: cppcheck --enable=exceptNew --enable=exceptRealloc fred.cpp @@ -494,8 +497,8 @@ void DestroyFred(void *p) [fred.cpp:3]: (style) Upon exception there is memory leak: a - If an exception occurs when b is allocated, - a will leak. + If an exception occurs when b is allocated, + a will leak. Here is another example: 
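Review bot: grammar in the added line of the @@ -455 hunk: "When Cppcheck see this it understands" should be "When Cppcheck sees this". The same hunk changes "execute Cppcheck this way" to "execute cppcheck this way", while the @@ -482 hunk goes the other way ("By default cppcheck" to "By default Cppcheck"). If the rule is lower case for the command and capitalised for the tool, a short note in the commit message would make that convention checkable for the rest of the manual.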
@@ -523,17 +526,18 @@ int a(int sz) You can convert the XML output from cppcheck into a HTML report. You'll need Python and the pygments module - (http://pygments.org/) for this to work. In the Cppcheck source - tree there is a folder "htmlreport" that contains a script that transforms - a Cppcheck XML file into HTML output. + (http://pygments.org/) for this to + work. In the Cppcheck source tree there is a folder + htmlreport that contains a script + that transforms a Cppcheck XML file into HTML output. This command generates the help screen: - htmlreport/cppcheck-htmlreport -h + htmlreport/cppcheck-htmlreport -h The output screen says: - Usage: cppcheck-htmlreport [options] + Usage: cppcheck-htmlreport [options] Options: -h, --help show this help message and exit @@ -542,7 +546,7 @@ Options: --report-dir=REPORT_DIR The directory where the html report content is written. --source-dir=SOURCE_DIR - Base directory where source code files can be found. + Base directory where source code files can be found. An example usage: @@ -565,7 +569,7 @@ htmlreport/cppcheck-htmlreport --file=err.xml --report-dir=test1 --source-dir=.<
Check source code - Use the Check menu. + Use the Check menu.
@@ -574,7 +578,7 @@ htmlreport/cppcheck-htmlreport --file=err.xml --report-dir=test1 --source-dir=.< The results are shown in a list. You can show/hide certain types of messages through the - View menu. + View menu. Results can be saved to an XML file that can later be opened. See Save results to file and Open @@ -585,10 +589,11 @@ htmlreport/cppcheck-htmlreport --file=err.xml --report-dir=test1 --source-dir=.< Settings The language can be changed at any time by using the - Language menu. + Language menu. More settings are available in - Edit>Preferences. + EditPreferences + .
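Review bot: in the Settings hunk the sentence-ending period ends up on an added line of its own ("+ ." after the Edit / Preferences menu reference). The line break before it is whitespace in the paragraph, so the rendered text will likely show a gap before the full stop. Keep the period on the same line as the element it follows.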
@@ -612,13 +617,23 @@ htmlreport/cppcheck-htmlreport --file=err.xml --report-dir=test1 --source-dir=.< recommended that this known functionality is redefined. But feel free to try it. - As you can read in chapter 3 in this manual the default is that - Cppcheck checks all configurations. So only provide preprocessor defines - if you want to limit the checking. + As you can read in chapter + 3 in this manual the default is that Cppcheck checks all configurations. + So only provide preprocessor defines if you want to limit the checking.
+ + + Daniel + Marjamäki + + Cppcheck + + + 2010-2011 + Writing Cppcheck rules &writing-rules-1; &writing-rules-2; diff --git a/man/writing-rules-1.docbook b/man/writing-rules-1.docbook index 620acf1e5..1dd1db043 100644 --- a/man/writing-rules-1.docbook +++ b/man/writing-rules-1.docbook @@ -1,20 +1,6 @@ -
- - Part 1 - Getting started - - - Daniel - - Marjamäki - - - Cppcheck - - - - 2010 - +
+ Part 1 - Getting started
Introduction @@ -30,7 +16,7 @@ Data representation of the source code The data used by the rules are not the raw source code. - Cppcheck will read the source code and process it + Cppcheck will read the source code and process it before the rules are used. Cppcheck is designed to find bugs and dangerous code. Stylistic @@ -39,7 +25,8 @@ you write rules. Between each token in the code there is always a space. For instance - the raw code "1+f()" is processed into "1 + f ( )". + the raw code "1+f()" is processed into "1 + f ( )" + . The code is simplified in many ways.
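Review bot: the @@ -39,7 +25,8 hunk splits the closing period onto its own added line ('"1 + f ( )"' followed by "+ ."). That introduces whitespace between the quoted token string and the period in the rendered paragraph. Since this sentence is specifically about where spaces appear between tokens, keep the period directly after the closing quote.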
@@ -62,10 +49,10 @@
Step 1 - Creating the regular expression - Cppcheck uses the PCRE library to handle - regular expressions. PCRE stands for "Perl Compatible - Regular Expressions". The homepage for PCRE is - http://www.pcre.org. + Cppcheck uses the PCRE library to handle regular expressions. + PCRE stands for "Perl Compatible Regular Expressions". + The homepage for PCRE is + http://www.pcre.org/. Let's create a regular expression that checks for code such as: @@ -74,7 +61,8 @@ free(p); For such code the condition is often redundant (on most - implementations it is valid to free a NULL pointer). + implementations it is valid to free a NULL pointer). + The regular expression must be written for the simplified code. To see what the simplified code looks like you can create a source file @@ -85,8 +73,8 @@ free(p); } - Save that code as dealloc.cpp and then use - cppcheck --rule=".+" dealloc.cpp: + Save that code as dealloc.cpp and then use + cppcheck --rule=".+" dealloc.cpp: $ ./cppcheck --rule=".+" dealloc.cpp Checking dealloc.cpp... @@ -134,7 +122,7 @@ Checking dealloc.cpp... </message> </rule> - If you save that xml data in dealloc.rule you + If you save that xml data in dealloc.rule you can test this rule: $ cppcheck --rule-file=dealloc.rule dealloc.cpp diff --git a/man/writing-rules-2.docbook b/man/writing-rules-2.docbook index 4b4295c4e..5a246d6c0 100644 --- a/man/writing-rules-2.docbook +++ b/man/writing-rules-2.docbook @@ -1,20 +1,6 @@ -
- - Part 2 - The Cppcheck data representation - - - Daniel - - Marjamäki - - - Cppcheck - - - - 2010 - +
+ Part 2 - The Cppcheck data representation
Introduction @@ -33,23 +19,25 @@ There are two ways to look at the data representation at runtime. - Using --rule=.+ is one way. All tokens are written on a line: + Using --rule=.+ is one way. + All tokens are written on a line: int a ; int b ; - Using --debug is another way. The tokens are line separated in the - same way as the original code: + Using --debug is another way. + The tokens are line separated in the same way as the original code: 1: int a@1 ; 2: int b@2 ; - In the --debug output there are "@1" and "@2" shown. These are the + In the --debug output there are + "@1" and "@2" shown. These are the variable ids (Cppcheck gives each variable a unique id). You can ignore these if you only plan to write rules with regular expressions, you can't use variable ids with regular expressions. - In general, I will use the --rule=.+ output in - this article because it is more compact. + In general, I will use the --rule=.+ + output in this article because it is more compact.
@@ -130,7 +118,8 @@ s8 x; array[x + 2] = 0; } - The --debug output for that is: + The --debug output for that + is: 1: void f ( ) 2: { @@ -154,7 +143,8 @@ s8 x; free(b); } - The --debug output for that is: + The --debug output for that + is: 1: void f ( ) 2: { @@ -196,7 +186,7 @@ s8 x; f2(); } - The --debug output: + The --debug output: 1: void f ( int x@1 ) 2: { @@ -252,8 +242,8 @@ s8 x; } } - The x=f1() is broken out. The - --debug output: + The x=f1() is broken out. The + --debug output: 1: void f ( ) 2: { @@ -274,7 +264,7 @@ s8 x; } The x=f1() is broken out twice. The - --debug output: + --debug output: 1: void f ( ) 2: { @@ -331,7 +321,7 @@ s8 x; if (x != 0); } - The --debug output is: + The --debug output is: 1: void f ( ) 2: { diff --git a/man/writing-rules-3.docbook b/man/writing-rules-3.docbook index 102937ffe..cb5b56787 100644 --- a/man/writing-rules-3.docbook +++ b/man/writing-rules-3.docbook @@ -1,24 +1,12 @@ -
- - Part 3 - Introduction to writing rules with C++ - - - DanielMarjamäki - - - Cppcheck - - - - 2011 - +
+ Part 3 - Introduction to writing rules with C++
Introduction The goal for this article is to introduce how - Cppcheck rules are written with C++. With C++ it is + Cppcheck rules are written with C++. With C++ it is possible to write more complex rules than is possible with regular expressions.
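Review bot: part 3 does not appear to be pulled into the manual. This hunk strips the title and author block from writing-rules-3.docbook the same way as for parts 1 and 2, but the manual.docbook change only adds `&writing-rules-1; &writing-rules-2;` under "Writing Cppcheck rules", with no `&writing-rules-3;` in the visible lines. Either add the third entity reference (and its declaration) or leave this file's own header in place so it can still be built stand-alone. Note also that the per-part years (2010, 2010, 2011) are replaced by a single "2010-2011" in manual.docbook, which only covers part 3 if it is actually included.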
@@ -95,9 +83,9 @@ void CheckOther::divisionByZeroError()
Condition before deallocation - In the first Writing rules article I described a - rule that looks for redundant conditions. Here is the regular expression - that was shown: + In the first Writing rules part + I described a rule that looks for redundant conditions. Here is the regular + expression that was shown: if \( p \) { free \( p \) ; }
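Review bot: terminology is only half converted. The added line here says "In the first Writing rules part", but the introduction of this same file still reads "The goal for this article", and the re-wrapped line in writing-rules-2.docbook keeps "output in this article". If the three documents are now parts of one manual, change the remaining "article" wording too, and consider a cross-reference to part 1 instead of the plain text "the first Writing rules part" so the reference survives reordering.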