static analysis of C/C++ code
Go to file
dummyunit 229832e72e
Read error locations in the correct order from XML (#3226)
When ErrorMessage::callStack elements are serialized to XML they are
saved in the reverse order. But when they read back from XML they are
added at the end of the list. Thus the round trip via XML reverses the
order of ErrorMessage::callStack.

From the user point of view it looks like the usage of the
--cppcheck-build-dir option sometimes (when the file wasn't reanalyzed,
but that is hard to spot) results in incorrect location info for some
diagnostic messages.

Moreover, when the first location matches some suppression rule and the
last doesn't match any (or vice versa), usage of --cppcheck-build-dir
results in some diagnostic messages appearing and disappearing seemingly
at random (again, depending on whether the file was reanalyzed or not).
2021-04-22 14:28:33 +02:00
.github/workflows Clang import; This experimental feature didn't "take off" much. After a lot of work we are still far fram the goal. I remove it now but don't rule out completely that it could ever be added again. 2021-04-21 18:59:48 +02:00
addons misra: Fixed a crash in rule 8.2 (#3208) 2021-04-13 10:09:42 +02:00
cfg wxwidgets.cfg: Make use of 'nullpointer' in wxwidgets.cfg instead of using 'NULL', since wxWidgets library is C++11 already. 2021-04-20 09:31:06 +02:00
cli Clang import; This experimental feature didn't "take off" much. After a lot of work we are still far fram the goal. I remove it now but don't rule out completely that it could ever be added again. 2021-04-21 18:59:48 +02:00
cmake added clang-tidy to CI (#3218) 2021-04-18 21:51:47 +02:00
cve-test-suite fixed/excluded some shellcheck warnings and actually fail the build when something is found (#3068) 2021-01-20 18:43:49 +01:00
democlient Removed Cppcheck::terminate() 2020-12-04 18:47:43 +01:00
externals added clang-tidy to CI (#3218) 2021-04-18 21:51:47 +02:00
gui Clang import; This experimental feature didn't "take off" much. After a lot of work we are still far fram the goal. I remove it now but don't rule out completely that it could ever be added again. 2021-04-21 18:59:48 +02:00
htmlreport moved more tests from Travis to GitHub actions (#3201) 2021-04-09 07:47:11 +02:00
lib Read error locations in the correct order from XML (#3226) 2021-04-22 14:28:33 +02:00
man Clang import; This experimental feature didn't "take off" much. After a lot of work we are still far fram the goal. I remove it now but don't rule out completely that it could ever be added again. 2021-04-21 18:59:48 +02:00
oss-fuzz cleaned up includes based on include-what-you-use (#3141) 2021-04-03 21:30:50 +02:00
platforms Running astyle [ci skip] 2020-11-21 00:02:44 +01:00
rules Format rules files as well 2019-09-26 19:58:39 +02:00
samples Try to fix Travis 2019-08-20 22:00:50 +02:00
snap Fix permissions of certain non-executable files (#1083) 2018-02-09 19:46:38 +01:00
test Read error locations in the correct order from XML (#3226) 2021-04-22 14:28:33 +02:00
tools Fix CodeQL security warnings 2021-04-20 11:08:01 +02:00
valgrind Add Valgrind CI action (#2921) 2020-12-07 08:41:25 +01:00
win_installer win_installer: Add misra_9.py (#3180) 2021-03-22 18:57:28 +01:00
.astylerc Move astyle options to a separate file. That way keeping it in sync b… (#1468) 2018-11-09 09:55:34 +01:00
.clang-tidy added clang-tidy to CI (#3218) 2021-04-18 21:51:47 +02:00
.codacy.yml Codacy: Try to exclude all addon test files 2018-10-18 09:29:38 +02:00
.gitignore some test/CI related refactoring and cleanup (#3163) 2021-04-03 21:22:39 +02:00
.mailmap Revert "Revert "Add a .mailmap file."" 2013-10-04 18:03:18 +02:00
.travis.yml moved more tests from Travis to GitHub actions (#3201) 2021-04-09 07:47:11 +02:00
.travis_llvmcheck_suppressions Travis: updated the .travis_llvmcheck_suppressions file, * is not allowed 2018-11-19 15:42:40 +01:00
.travis_suppressions enabled "debug" findings in self-check / split "simplifyUsing" and "simplyTypedef" from more generic "debug" (#3210) 2021-04-17 18:07:47 +02:00
AUTHORS AUTHORS; Added fschwa 2021-04-06 19:42:29 +02:00
CMakeLists.txt Add find_package(tinyxml2) to CMake builds (#2691) 2020-11-22 08:57:07 +01:00
COPYING Licensing: Using the GPL 3 license 2008-10-26 07:55:15 +00:00
Makefile Read error locations in the correct order from XML (#3226) 2021-04-22 14:28:33 +02:00
appveyor.yml appveyor.yml: removed unneeded installation/update of Python packages (#3207) 2021-04-12 09:31:52 +02:00
benchmarks.txt benchmarks: Added CImg. Removed old stuff. 2019-03-04 07:05:40 +01:00
build-pcre.txt Add how to install pcre by using homebrew (#3087) 2021-01-27 19:06:58 +01:00
console_common.pri pro and pri files: remove unneeded empty lines, use spaces for consistency 2012-10-12 17:46:57 +02:00
cppcheck-errors.rng XML: Ensure file0 info is kept in multithreaded analysis. Write file0 attribute in top <error> element instead of in the <location> elements. 2021-04-05 12:03:39 +02:00
cppcheck.cppcheck Add cppcheck.cppcheck build dir 2018-02-23 22:16:49 +01:00
cppcheck.sln Updated to Visual Studio 2019 2019-07-06 12:11:19 +02:00
createrelease createrelease: release pdfs will be built by github actions 2021-03-21 21:35:29 +01:00
doxyfile Fix typos (#1568) 2019-01-06 17:15:57 +01:00
generate_coverage_report rename externals/tinyxml to externals/tinyxml2 2020-11-16 09:11:53 +01:00
naming.json Check for JSON error when parsing addon .json files + fixes (#2374) 2019-11-20 15:37:09 +01:00
philosophy.md philosophy.md : Describe inconclusive messages (#2841) 2021-01-18 19:58:06 +01:00
pylintrc_travis pylintrc_travis: Add check for bad-indentation, fix issues in misra.py (#2349) 2019-11-11 13:53:19 +01:00
readme.md Add description of setup for development in VS Code. (#3170) 2021-03-20 10:34:42 +01:00
readme.txt rename externals/tinyxml to externals/tinyxml2 2020-11-16 09:11:53 +01:00
readmeja.md rename externals/tinyxml to externals/tinyxml2 2020-11-16 09:11:53 +01:00
requirements.txt Update pcre version since the link is broken (#2089) 2019-08-15 20:48:10 +02:00
runastyle Astyle: sync windows and linux folders (#3016) 2021-01-06 17:13:44 +01:00
runastyle.bat Astyle: sync windows and linux folders (#3016) 2021-01-06 17:13:44 +01:00
webreport.sh fixed/excluded some shellcheck warnings and actually fail the build when something is found (#3068) 2021-01-20 18:43:49 +01:00

readme.md

Cppcheck

GitHub Actions Linux Build Status Windows Build Status OSS-Fuzz Coverity Scan Build Status License
Github Action Status Linux Build Status Windows Build Status OSS-Fuzz Coverity Scan Build Status License

About the name

The original name of this program was "C++check", but it was later changed to "Cppcheck".

Despite the name, Cppcheck is designed for both C and C++.

Manual

A manual is available online.

Donate CPU

Cppcheck is a hobby project with limited resources. You can help us by donating CPU (1 core or as many as you like). It is simple:

  1. Download (and extract) Cppcheck source code.
  2. Run script: python cppcheck/tools/donate-cpu.py.

The script will analyse debian source code and upload the results to a cppcheck server. We need these results both to improve Cppcheck and to detect regressions.

You can stop the script whenever you like with Ctrl C.

Compiling

Any C++11 compiler should work. For compilers with partial C++11 support it may work. If your compiler has the C++11 features that are available in Visual Studio 2013 / GCC 4.6 then it will work.

To build the GUI, you need Qt.

When building the command line tool, PCRE is optional. It is used if you build with rules.

There are multiple compilation choices:

  • qmake - cross platform build tool
  • cmake - cross platform build tool
  • Windows: Visual Studio (VS 2013 and above)
  • Windows: Qt Creator + mingw
  • gnu make
  • g++ 4.6 (or later)
  • clang++

cmake

Example, compiling Cppcheck with cmake:

mkdir build
cd build
cmake ..
cmake --build .

If you want to compile the GUI you can use the flag. -DBUILD_GUI=ON

For rules support (requires pcre) use the flag. -DHAVE_RULES=ON

For release builds it is recommended that you use: -DUSE_MATCHCOMPILER=ON

Using cmake you can generate project files for Visual Studio,XCode,etc.

qmake

You can use the gui/gui.pro file to build the GUI.

cd gui
qmake
make

Visual Studio

Use the cppcheck.sln file. The file is configured for Visual Studio 2019, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64.

To compile with rules, select "Release-PCRE" or "Debug-PCRE" configuration. pcre.lib (pcre64.lib for x64 builds) and pcre.h are expected to be in /externals then. A current version of PCRE for Visual Studio can be obtained using vcpkg.

VS Code (on Windows)

Install MSYS2 to get GNU toolchain with g++ and gdb (https://www.msys2.org/). Create a settings.json file in the .vscode folder with the following content (adjust path as necessary):

{
    "terminal.integrated.shell.windows": "C:\\msys64\\usr\\bin\\bash.exe",
    "terminal.integrated.shellArgs.windows": [
        "--login",
    ],
    "terminal.integrated.env.windows": {
        "CHERE_INVOKING": "1",
        "MSYSTEM": "MINGW64",
    }
}

Run "make" in the terminal to build cppcheck.

For debugging create a launch.json file in the .vscode folder with the following content, which covers configuration for debugging cppcheck and misra.py:

{
    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "name": "cppcheck",
            "type": "cppdbg",
            "request": "launch",
            "program": "${workspaceFolder}/cppcheck.exe",
            "args": [
                "--dump",
                "${workspaceFolder}/addons/test/misra/misra-test.c"
            ],
            "stopAtEntry": false,
            "cwd": "${workspaceFolder}",
            "environment": [],
            "externalConsole": true,
            "MIMode": "gdb",
            "miDebuggerPath": "C:/msys64/mingw64/bin/gdb.exe",
            "setupCommands": [
                {
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                }
            ]
        },
        {
            "name": "misra.py",
            "type": "python",
            "request": "launch",
            "program": "${workspaceFolder}/addons/misra.py",
            "console": "integratedTerminal",
            "args": [
                "${workspaceFolder}/addons/test/misra/misra-test.c.dump"
            ]
        }
    ]
}

Qt Creator + MinGW

The PCRE dll is needed to build the CLI. It can be downloaded here: http://software-download.name/pcre-library-windows/

GNU make

Simple, unoptimized build (no dependencies):

make

The recommended release build is:

make MATCHCOMPILER=yes FILESDIR=/usr/share/cppcheck HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"

Flags:

  1. MATCHCOMPILER=yes Python is used to optimise cppcheck. The Token::Match patterns are converted into C++ code at compile time.

  2. FILESDIR=/usr/share/cppcheck Specify folder where cppcheck files are installed (addons, cfg, platform)

  3. HAVE_RULES=yes Enable rules (PCRE is required if this is used)

  4. CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" Enables most compiler optimizations, disables cppcheck-internal debugging code and enables basic compiler warnings.

g++ (for experts)

If you just want to build Cppcheck without dependencies then you can use this command:

g++ -o cppcheck -std=c++11 -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 -Iexternals/picojson -Ilib cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

If you want to use --rule and --rule-file then dependencies are needed:

g++ -o cppcheck -std=c++11 -lpcre -DHAVE_RULES -Ilib -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

MinGW

mingw32-make LDFLAGS=-lshlwapi

Other Compiler/IDE

  1. Create an empty project file / makefile.
  2. Add all cpp files in the cppcheck cli and lib folders to the project file / makefile.
  3. Add all cpp files in the externals folders to the project file / makefile.
  4. Compile.

Cross compiling Win32 (CLI) version of Cppcheck in Linux

sudo apt-get install mingw32
make CXX=i586-mingw32msvc-g++ LDFLAGS="-lshlwapi" RDYNAMIC=""
mv cppcheck cppcheck.exe

Packages

You can install Cppcheck with yum/apt/brew/etc.

The official rpms are built with these files: https://src.fedoraproject.org/rpms/cppcheck/tree/master

Webpage

http://cppcheck.sourceforge.net/