We encounter many warnings and errors in the code we write. The compilers we use reveal these warnings and errors during compilation, and we make corrections where they are needed. While many compilers do this internally, there are cases where it needs to be done externally. This process is called static analysis. There are also many tools available to perform static analysis. In this article, I will try to explain how we can do static analysis with the CppCheck tool.
Static analysis lets us detect, and then fix, errors that can be found without compiling the code (i.e. before compilation). It focuses on catching likely bugs early and on detecting undefined behaviour and dangerous coding constructs. Below are some static analysis tools you can use. We will continue with CppCheck later in the article.
Cppcheck is a command-line (CLI) tool that tries to detect errors that our C/C++ compiler does not see. In effect, it goes through the entire code, including macros and preprocessor directives, without actually compiling it. Since it only examines certain aspects of the code, it runs very quickly compared to the normal compilation process.
For the CppCheck installation, you can install it from this address if you want, but I will perform the operations through the terminal in Ubuntu 18.04. First:
sudo apt update
sudo apt install -y cppcheck
Then we can start using it directly from the CLI. As an example file structure:
Let's start by assuming we use this structure. First, if we want a simple analysis, we can analyze the 'source/main.cpp' file by typing the following command:
cd source && cppcheck main.cpp
If everything is right, it completes with the following output:
Checking main.cpp ...
1/1 file checked 100% done
If you want to run the check on a whole directory rather than on a single file, you can use the command below and get the following output.
cppcheck source
Checking source/main.cpp ...
1/2 files checked 50% done
Checking source/demo.cpp ...
2/2 files checked 100% done
You can use "." to run the check on all folders and files under the project folder.
cppcheck .
Checking source/main.cpp ...
1/5 files checked 20% done
Checking source/demo.cpp ...
2/5 files checked 40% done
Checking test/test_main.cpp ...
3/5 files checked 60% done
Checking test/test_demo.cpp ...
4/5 files checked 80% done
Checking example/example1.cpp ...
5/5 files checked 100% done
The --file-filter parameter lets you analyze only the files under a directory that match the given filter. For example, you can select and analyze only the files that start with the word "test" under the test folder with the following command.
cppcheck . --file-filter=test/test*
With the -i parameter you can specify folders that should not be included in the analysis. The -i stands for "ignore": the given directory is skipped during analysis. The example below does not analyze the "test" folder.
cppcheck . -itest
The memory size allocated for some variables may differ between operating systems and processors. To account for this, you can choose Unix or Windows with the --platform parameter, or define your own configuration file, so that the standard defined values are used.
The --std parameter specifies the C/C++ standard. It defaults to c++20, but you can set this parameter if you want to check against a different version. Available values: c89, c99, c11, c++03, c++11, c++14, c++17, c++20 (default)
If there is a particular check to be ignored, it is useful to say so with the --suppress parameter. For example, "missingIncludeSystem" or "memleak" can be given. In this way, system include files that cannot be found, or memory leaks, are not reported.
Another parameter covers places in the code that are specifically marked with comment lines, so that they are taken into account during the check.
After the static analysis is completed, the result can be exported in XML format with the --xml parameter. You can then present the output visually with various visualization programs.
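One way to consume that XML export in a build pipeline, as an added example that is not part of the original article: the script below parses a report and returns a non-zero exit code when blocking findings are present. The embedded report is a constructed sample in the XML version 2 layout, and the function names and the choice of blocking severities are assumptions.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the cppcheck XML version 2 layout, not real tool output.
# A real report: cppcheck --enable=all --xml --xml-version=2 . 2> report.xml
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="0.0"/>
  <errors>
    <error id="memleak" severity="error" cwe="401" msg="Memory leak: p">
      <location file="source/demo.cpp" line="30"/>
    </error>
    <error id="unusedFunction" severity="style" cwe="561"
           msg="The function 'helper' is never used.">
      <location file="source/demo.cpp" line="5"/>
    </error>
    <error id="missingIncludeSystem" severity="information"
           msg="Include file: &lt;vector&gt; not found."/>
  </errors>
</results>"""

def parse_report(xml_bytes):
    """Return one dict per <error>; file/line are None when no <location> exists."""
    root = ET.fromstring(xml_bytes)  # only feed it reports from your own cppcheck run
    if root.tag != "results" or root.get("version") != "2":
        raise ValueError("not a cppcheck XML version 2 report")
    findings = []
    for err in root.iterfind("./errors/error"):
        loc = err.find("location")  # use the first <location>, if any
        findings.append({
            "id": err.get("id"), "severity": err.get("severity"),
            "cwe": err.get("cwe"), "msg": err.get("msg"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None else None,
        })
    return findings

def gate(findings, blocking=("error", "warning")):
    """Return (exit_code, counts_by_severity, blocking_findings)."""
    counts = Counter(f["severity"] for f in findings)
    blocked = [f for f in findings if f["severity"] in blocking]
    return (1 if blocked else 0), counts, blocked

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    code, counts, blocked = gate(parse_report(data))
    print("\n".join(f"{f['file']}:{f['line']}: [{f['id']}] {f['msg']}" for f in blocked))
    sys.exit(code)
```

Cppcheck writes the XML report to stderr, which is why the command in the comment redirects with `2>`.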
CppCheck can check against many different categories, such as style and performance. To enable particular categories you pass them to the --enable parameter, but the most preferred choice is "all", which checks every possible situation.
I have tried to cover the parameters briefly. For more detailed information, you can review the documentation page of CppCheck.
With CppCheck, we ran static analysis on our code and checked it before compilation. In this way, we can try to prevent possible errors.