Static Code Analysis with Cppcheck

Warning! Some information on this page is older than 5 years now. I keep it for reference, but it probably doesn't reflect my current knowledge and beliefs.

Oct 2010

Yesterday I've tried Cppcheck - an open source tool for static C++ code analysis. That was my first practical experience with this kind of tools and I like it quite a lot. Static code analysis is the analysis performed without actually executing a program. Source code is checked against some rules to find common bugs and mistakes.

I expected to see a program that must be given paths to my IDE and all libraries I use in some configuration file before I could execute some console application with poper command line parameters and get some crypic report as the result. All in all, that's the way many programmer's tools work, especially open source ones and specially these for C or C++ languages. But here it was not the case. Cppcheck is a GUI program in which I could just click Check / Directory and read the results of the analysis while the processing was still being done in the background.

Developers of Cppcheck state on their website that "The goal is no false positives.". Apparently they haven't high-performance gamedev code in mind :) The program reported many warnings like "Member variable not initialzed in the constructor 'VEC3::x'". Generally speaking it could be dangerous, but if I want my 3D vector structure to behave like a built-in type and work as fast as possible, leaving its fields uninitialized in the default constructor is exactly what should be done.

But Cppcheck also found some real mistakes in my code, like passing "const VEC3 lhs" parameter (where I forgot about the reference "&") or some local variables that were assigned but never used. So overall I think static code analysis could be of some help to a C++ programmer.

Comments | #c++ #tools Share


[Download] [Dropbox] [pub] [Mirror] [Privacy policy]
Copyright © 2004-2021