static analysis of C/C++ code
Go to file
chrchr-github e046232535
Fix FP returnDanglingLifetime for pointer to struct member in static array ()
* Fix   FP returnDanglingLifetime for pointer to struct member in static array

* Undo
2022-10-22 00:27:30 +02:00
.github/workflows win_installer: install network dlls needed by the GUI 2022-10-19 18:23:32 +02:00
addons Missing rule-text-file to not stop the analysis () 2022-09-12 12:55:07 +02:00
cfg Update mfc.cfg with more MFC macros () 2022-10-15 08:23:28 +02:00
cli Fix FN useStlAlgorithm with iterators () 2022-10-16 13:46:26 +02:00
cmake GUI: Detect when version is old 2022-10-09 18:51:01 +02:00
cve-test-suite fixed/excluded some shellcheck warnings and actually fail the build when something is found () 2021-01-20 18:43:49 +01:00
democlient Remove bug hunting. This feature will be provided in Cppcheck premium. 2022-04-11 07:31:33 +02:00
externals disabled all clang-tidy checks for Qt generated files () 2022-09-30 07:27:03 +02:00
gui GUI: Write better text for label, the original text might be seen a short moment. Require c++17 for building the GUI with the 2022-10-17 21:40:35 +02:00
htmlreport htmlreport/ use less heavy input for tests () 2022-08-29 12:26:10 +02:00
lib Fix FP returnDanglingLifetime for pointer to struct member in static array () 2022-10-22 00:27:30 +02:00
man added missing version bumps to 2.10 () 2022-09-09 21:02:04 +02:00
oss-fuzz enabled and fixed `readability-named-parameter` clang-tidy warnings () 2022-09-27 20:03:25 +02:00
platforms Running astyle [ci skip] 2020-11-21 00:02:44 +01:00
rules Activated 'make validateRules' and improved rule XML file parsing. Now, it optionally accepts '<rules>...</rules>' tags to make xmllint happy. 2022-06-22 00:03:18 +02:00
samples samples; Fixed missing return in non-void functions 2021-07-04 16:59:09 +02:00
test Fix FP returnDanglingLifetime for pointer to struct member in static array () 2022-10-22 00:27:30 +02:00
tools cleaned up global `` configuration variables () 2022-10-06 20:49:47 +02:00
valgrind Add Valgrind CI action () 2020-12-07 08:41:25 +01:00
win_installer win_installer: install network dlls needed by the GUI 2022-10-19 18:23:32 +02:00
.clang-tidy include all (internal non-generated) headers in clang-tidy checks () 2022-10-16 13:51:17 +02:00
.gitignore selfcheck : cleaned up some suppressions, fixed warnings and some cleanups () 2022-09-06 23:11:39 +02:00
.selfcheck_suppressions selfcheck : cleaned up some suppressions, fixed warnings and some cleanups () 2022-09-06 23:11:39 +02:00
.selfcheck_unused_suppressions added unusedFunction self check to CI / cleanups () 2022-01-18 22:02:25 +01:00
.travis.yml Moved some stuff from Travis to GitHub Actions / Cleanups () 2022-05-31 19:53:50 +02:00
.uncrustify.cfg Format with uncrustify () 2021-08-07 20:51:18 +02:00
AUTHORS AUTHORS: Add gerboengels 2022-10-11 22:02:56 +02:00
CMakeLists.txt handle precompiled headers with `ccache` / fixed caching in some docker builds () 2022-09-26 18:21:43 +02:00
Makefile return `SmallVector` from `followAllReferences()` () 2022-09-29 21:41:32 +02:00
build-pcre.txt Add how to install pcre by using homebrew () 2021-01-27 19:06:58 +01:00 disabled all clang-tidy checks for Qt generated files () 2022-09-30 07:27:03 +02:00
cppcheck-errors.rng Readd cppcheck-errors.rng 2021-06-19 19:44:36 +02:00
createrelease createrelease: small tweaks 2022-08-28 17:21:32 +02:00
generate_coverage_report rename externals/tinyxml to externals/tinyxml2 2020-11-16 09:11:53 +01:00
naming.json Check for JSON error when parsing addon .json files + fixes () 2019-11-20 15:37:09 +01:00 bumped minimum supported GCC version to 4.8 () 2022-02-05 17:57:32 +01:00
pylintrc_travis Denote 'python xxx/' line as code () 2022-09-09 23:07:58 +02:00
readme.txt Remove bug hunting. This feature will be provided in Cppcheck premium. 2022-04-11 07:31:33 +02:00 added MinGW to CI and fixed local MinGW build () 2022-02-16 07:06:04 +01:00
releasenotes.txt Makefile: some cleanups / added `VERBOSE` option () 2022-09-09 15:06:40 +02:00
requirements.txt Install pcre from github since the site is no longer available () 2021-11-06 19:05:16 +01:00
runformat runformat: simple build instruction 2021-08-08 14:34:52 +02:00 fixed/excluded some shellcheck warnings and actually fail the build when something is found () 2021-01-20 18:43:49 +01:00


GitHub Actions OSS-Fuzz Coverity Scan Build Status License
Github Action Status OSS-Fuzz Coverity Scan Build Status License

About the name

The original name of this program was "C++check", but it was later changed to "Cppcheck".

Despite the name, Cppcheck is designed for both C and C++.


A manual is available online.

Donate CPU

Cppcheck is a hobby project with limited resources. You can help us by donating CPU (1 core or as many as you like). It is simple:

  1. Download (and extract) Cppcheck source code.
  2. Run script: python cppcheck/tools/

The script will analyse debian source code and upload the results to a cppcheck server. We need these results both to improve Cppcheck and to detect regressions.

You can stop the script whenever you like with Ctrl C.


Any C++11 compiler should work. For compilers with partial C++11 support it may work. If your compiler has the C++11 features that are available in Visual Studio 2013 / GCC 4.8 then it will work.

To build the GUI, you need Qt.

When building the command line tool, PCRE is optional. It is used if you build with rules.

There are multiple compilation choices:

  • qmake - cross platform build tool
  • cmake - cross platform build tool
  • Windows: Visual Studio (VS 2013 and above)
  • Windows: Qt Creator + mingw
  • gnu make
  • g++ 4.8 (or later)
  • clang++


Example, compiling Cppcheck with cmake:

mkdir build
cd build
cmake ..
cmake --build .

If you want to compile the GUI you can use the flag. -DBUILD_GUI=ON

For rules support (requires pcre) use the flag. -DHAVE_RULES=ON

For release builds it is recommended that you use: -DUSE_MATCHCOMPILER=ON

Using cmake you can generate project files for Visual Studio,XCode,etc.


You can use the gui/ file to build the GUI.

cd gui

Visual Studio

Use the cppcheck.sln file. The file is configured for Visual Studio 2019, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64.

To compile with rules, select "Release-PCRE" or "Debug-PCRE" configuration. pcre.lib (pcre64.lib for x64 builds) and pcre.h are expected to be in /externals then. A current version of PCRE for Visual Studio can be obtained using vcpkg.

Visual Studio (from command line)

If you do not wish to use the Visual Studio IDE, you can compile cppcheck from the command line the following command.

msbuild cppcheck.sln

VS Code (on Windows)

Install MSYS2 to get GNU toolchain with g++ and gdb ( Create a settings.json file in the .vscode folder with the following content (adjust path as necessary):

    "": "C:\\msys64\\usr\\bin\\bash.exe",
    "": [
    "": {
        "CHERE_INVOKING": "1",
        "MSYSTEM": "MINGW64",

Run "make" in the terminal to build cppcheck.

For debugging create a launch.json file in the .vscode folder with the following content, which covers configuration for debugging cppcheck and

    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit:
    "version": "0.2.0",
    "configurations": [
            "name": "cppcheck",
            "type": "cppdbg",
            "request": "launch",
            "program": "${workspaceFolder}/cppcheck.exe",
            "args": [
            "stopAtEntry": false,
            "cwd": "${workspaceFolder}",
            "environment": [],
            "externalConsole": true,
            "MIMode": "gdb",
            "miDebuggerPath": "C:/msys64/mingw64/bin/gdb.exe",
            "setupCommands": [
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
            "name": "",
            "type": "python",
            "request": "launch",
            "program": "${workspaceFolder}/addons/",
            "console": "integratedTerminal",
            "args": [

Qt Creator + MinGW

The PCRE dll is needed to build the CLI. It can be downloaded here:

GNU make

Simple, unoptimized build (no dependencies):


The recommended release build is:

make MATCHCOMPILER=yes FILESDIR=/usr/share/cppcheck HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"


  1. MATCHCOMPILER=yes Python is used to optimise cppcheck. The Token::Match patterns are converted into C++ code at compile time.

  2. FILESDIR=/usr/share/cppcheck Specify folder where cppcheck files are installed (addons, cfg, platform)

  3. HAVE_RULES=yes Enable rules (PCRE is required if this is used)

  4. CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" Enables most compiler optimizations, disables cppcheck-internal debugging code and enables basic compiler warnings.

g++ (for experts)

If you just want to build Cppcheck without dependencies then you can use this command:

g++ -o cppcheck -std=c++11 -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 -Iexternals/picojson -Ilib cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

If you want to use --rule and --rule-file then dependencies are needed:

g++ -o cppcheck -std=c++11 -lpcre -DHAVE_RULES -Ilib -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp



If you encounter the following error with MATCHCOMPILER=yes you need to specify your Python interpreter via PYTHON_INTERPRETER.

process_begin: CreateProcess(NULL, which python3, ...) failed.
makefile:24: pipe: No error
process_begin: CreateProcess(NULL, which python, ...) failed.
makefile:27: pipe: No error
makefile:30: *** Did not find a Python interpreter.  Stop.

Other Compiler/IDE

  1. Create an empty project file / makefile.
  2. Add all cpp files in the cppcheck cli and lib folders to the project file / makefile.
  3. Add all cpp files in the externals folders to the project file / makefile.
  4. Compile.

Cross compiling Win32 (CLI) version of Cppcheck in Linux

sudo apt-get install mingw32
make CXX=i586-mingw32msvc-g++ LDFLAGS="-lshlwapi" RDYNAMIC=""
mv cppcheck cppcheck.exe


You can install Cppcheck with yum/apt/brew/etc.

The official rpms are built with these files:
