Cppcheck是一个C/C++代码分析工具,只检测那些编译器通常无法检测到的bug类型。
 
官方上建议让编译器提供尽量多的警告提示:
1.使用Visual C++的话,应使用警告等级4
2.使用GCC的话,参看Warning options - using GCC
 
当前版本:1.54 for windows
 
安装界面如下:
安装完后,双击cppcheckgui.exe启动其GUI程序:
工具栏第一个按钮 可以添加检测的目录,但是这里不支持中文路径。测试官方的例子,新建一个文件file1.c,内容如下:

];
    a[] ;
    ;
}

用此工具进行检测,结果如下图所示:

一下子就分析出了其中的警告和错误。用命令行检测的话,可以支持中文路径,效果如下图所示:
命令行方式,默认只显示错误的信息,使用--enable打开其他提示信息,如下:

cppcheck.exe --enable=all"E:\项目\测试"

在Visual Studio下使用的话,步骤如下:

1.在Visual Studio菜单栏"工具"→"外部工具",点击"添加",内容如下:

标题:Cppcheck
命令:D:\Program Files\Cppcheck\cppcheck.exe
参数:--enable=all--template=vs $(SolutionDir)
勾选"使用输出窗口"

2.使用时,点击"工具"→"Cppcheck"即可,如下图所示:

 
双击提示内容,即可定位到所在行。

附录:
1.cppcheck命令行参数
Syntax:

    cppcheck [OPTIONS] [files or paths]
 

If a directory is given instead of a filename, *.cpp, *.cxx, *.cc, *.c++, *.c, *.tpp, and *.txx files are checked recursively from the given directory.

--append=<file> This allows you to provide information about functions by providing an implementation for them.
--check-config Check cppcheck configuration. The normal code analysis is disabled by this flag.
-D<ID>  By default Cppcheck checks all configurations. Use -D to limit the checking to a particular configuration.
Example: '-DDEBUG=1 -D__cplusplus'.
-U<ID> By default Cppcheck checks all configurations. Use -U to explicitly hide certain #ifdef <ID> code paths from checking.
Example: '-UDEBUG'
--enable=<id> Enable additional checks. The available ids are:
* all
  Enable all checks
* style
  Enable all coding style checks. All messages with the severities 'style', 'performance' and 'portability' are enabled.
* performance
  Enable performance messages
* portability
  Enable portability messages
* information
  Enable information messages
* unusedFunction
  Check for unused functions
* missingInclude
  Warn if there are missing includes. For detailed information, use '--check-config'.
Several ids can be given if you separate them with commas. See also --std
--error-exitcode=<n> If errors are found, integer [n] is returned instead of the default '0'. '1' is returned if arguments are not valid or if no input files are provided. Note that your operating system can modify this value, e.g. '256' can become '0'.
--errorlist  Print a list of all the error messages in XML format.
--exitcode-suppressions=<file> Used when certain messages should be displayed but should not cause a non-zero exitcode.
--file-list=<file> Specify the files to check in a text file. Add one filename per line. When file is '-,' the file list will be read from standard input.
-f, --force Force checking of all configurations in files. If used together with '--max-ifdefs=', the last option is the one that is effective.
-h, --help Print this help.
-I <dir>   Give path to search for include files. Give several -I parameters to give several paths. First given path is searched for contained header files first. If paths are relative to source files, this is not needed.
--includes-file=<file> Specify directory paths to search for included header files in a text file. Add one include path per line. First given path is searched for contained header files first. If paths are relative to source files, this is not needed.
-i <dir or file>  Give a source file or source file directory to exclude from the check. This applies only to source files so header files included by source files are not matched. Directory name is matched to all parts of the path.
--inline-suppr Enable inline suppressions. Use them by placing one or more comments, like: '// cppcheck-suppress warningId' on the lines before the warning to suppress.
-j <jobs>  Start [jobs] threads to do the checking simultaneously.
--max-configs=<limit> Maximum number of configurations to check in a file before skipping it. Default is '12'. If used together with '--force', the last option is the one that is effective.
--platform=<type> Specifies platform specific types and sizes. The available platforms are:
* unix32
32 bit unix variant
* unix64
64 bit unix variant
* win32A
32 bit Windows ASCII character encoding
* win32W
32 bit Windows UNICODE character encoding
* win64
64 bit Windows
-q, --quiet Only print error messages.
-rp, --relative-paths
-rp=<paths>, --relative-paths=<paths>
Use relative paths in output. When given, <paths> are used as base. You can separate multiple paths by ';'. Otherwise path where source files are searched is used. We use string comparison to create relative paths, so using e.g. ~ for home folder does not work. It is currently only possible to apply the base paths to files that are on a lower level in the directory tree.
--report-progress  Report progress messages while checking a file.
--rule=<rule> Match regular expression.
--rule-file=<file> Use given rule file. For more information, see: https://sourceforge.net/projects/cppcheck/files/Articles/
-s, --style Deprecated, please use '--enable=style' instead
--std=<id> Enable some standard related checks.
The available options are:
* posix
Checks related to POSIX-specific functionality
* c99
C99 standard related checks
* c++11
C++11 standard related checks
Example to enable more than one checks:
'cppcheck --std=c99 --std=posix file.cpp'
--suppress=<spec>  Suppress warnings that match <spec>. The format of <spec> is:
[error id]:[filename]:[line]
The [filename] and [line] are optional. If [error id] is a wildcard '*', all error ids match.
--suppressions-list=<file> Suppress warnings listed in the file. Each suppression is in the same format as <spec> above.
--template='<text>' Format the error messages. E.g.
'{file}:{line},{severity},{id},{message}' or '{file}({line}):({severity}) {message}'
Pre-defined templates: gcc, vs, edit.
-v, --verbose Output more detailed error information.
--version Print out version number.
--xml   Write results in xml format to error stream (stderr).
--xml-version=<version> Select the XML file version. Currently versions 1 and 2 are available. The default version is 1.
 
Example usage:

  # Recursively check the current folder. Print the progress on the screen and write errors to a file:
    cppcheck . 2> err.txt
  # Recursively check ../myproject/ and don't print progress:
    cppcheck --quiet ../myproject/
  # Check only files one.cpp and two.cpp and give all information there is:
    cppcheck -v -s one.cpp two.cpp
  # Check f.cpp and search include files from inc1/ and inc2/:

cppcheck -I inc1/ -I inc2/ f.cpp


2.检测内容

64-bit portability

Check if there is 64-bit portability issues:

  • assign address to/from int/long

Auto Variables

A pointer to a variable is only valid as long as the variable is in scope. Check:

  • returning a pointer to auto or temporary variable
  • assigning address of an variable to an effective parameter of a function
  • returning reference to local/temporary variable
  • returning address of function parameter

Boost usage

Check for invalid usage of Boost:

  • container modification during BOOST_FOREACH

Bounds checking

out of bounds checking

Class

Check the code for each class.

  • Missing constructors
  • Are all variables initialized by the constructors?
  • Warn if memset, memcpy etc are used on a class
  • If it's a base class, check that the destructor is virtual
  • Are there unused private functions
  • 'operator=' should return reference to self
  • 'operator=' should check for assignment to self
  • Constness for member functions

Exception Safety

Checking exception safety

  • Throwing exceptions in destructors
  • Throwing exception during invalid state
  • Throwing a copy of a caught exception instead of rethrowing the original exception
  • exception caught by value instead of by reference

Match assignments and conditions

Match assignments and conditions:

  • Mismatching assignment and comparison => comparison is always true/false
  • Mismatching lhs and rhs in comparison => comparison is always true/false
  • Detect matching 'if' and 'else if' conditions

Memory leaks (address not taken)

Not taking the address to allocated memory

Memory leaks (class variables)

If the constructor allocate memory then the destructor must deallocate it.

Memory leaks (function variables)

Is there any allocated memory when a function goes out of scope

Memory leaks (struct members)

Don't forget to deallocate struct members

Non reentrant functions

Warn if any of these non reentrant functions are used:

  • crypt
  • ctermid
  • ecvt
  • fcvt
  • fgetgrent
  • fgetpwent
  • fgetspent
  • gcvt
  • getgrent
  • getgrgid
  • getgrnam
  • gethostbyaddr
  • gethostbyname
  • gethostbyname2
  • gethostent
  • getlogin
  • getnetbyaddr
  • getnetbyname
  • getnetgrent
  • getprotobyname
  • getpwent
  • getpwnam
  • getpwuid
  • getrpcbyname
  • getrpcbynumber
  • getrpcent
  • getservbyname
  • getservbyport
  • getservent
  • getspent
  • getspnam
  • gmtime
  • localtime
  • readdir
  • strtok
  • tempnam
  • ttyname

Null pointer

Null pointers

  • null pointer dereferencing

Obsolete functions

Warn if any of these obsolete functions are used:

  • asctime
  • asctime_r
  • bcmp
  • bcopy
  • bsd_signal
  • bzero
  • ctime
  • ctime_r
  • ecvt
  • fcvt
  • ftime
  • gcvt
  • getcontext
  • gethostbyaddr
  • gethostbyname
  • getwd
  • index
  • makecontext
  • pthread_attr_getstackaddr
  • pthread_attr_setstackaddr
  • rand_r
  • rindex
  • scalbln
  • swapcontext
  • tmpnam
  • tmpnam_r
  • ualarm
  • usleep
  • utime
  • vfork
  • wcswcs

Other

Other checks

  • Assigning bool value to pointer (converting bool value to address)
  • bad usage of the function 'sprintf' (overlapping data)
  • division with zero
  • using fflush() on an input stream
  • scoped object destroyed immediately after construction
  • assignment in an assert statement
  • sizeof for array given as function argument
  • sizeof for numeric given as function argument
  • using sizeof(pointer) instead of the size of pointed data
  • incorrect length arguments for 'substr' and 'strncmp'
  • invalid usage of output stream. For example: std::cout << std::cout;'
  • wrong number of arguments given to 'printf' or 'scanf;'
  • double free() or double closedir()
  • C-style pointer cast in cpp file
  • casting between incompatible pointer types
  • redundant if
  • bad usage of the function 'strtol'
  • unsigned division
  • Dangerous usage of 'scanf'
  • passing parameter by value
  • Incomplete statement
  • check how signed char variables are used
  • variable scope can be limited
  • condition that is always true/false
  • unusal pointer arithmetic. For example: "abc" + 'd'
  • redundant assignment in a switch statement
  • redundant strcpy in a switch statement
  • look for 'sizeof sizeof ..'
  • look for calculations inside sizeof()
  • assignment of a variable to itself
  • mutual exclusion over || always evaluating to true
  • Clarify calculation with parentheses
  • using increment on boolean
  • comparison of a boolean with a non-zero integer
  • comparison of a boolean expression with an integer other than 0 or 1
  • suspicious condition (assignment+comparison)
  • suspicious condition (runtime comparison of string literals)
  • suspicious condition (string literals as boolean)
  • duplicate break statement
  • unreachable code
  • testing if unsigned variable is negative
  • testing is unsigned variable is positive
  • using bool in bitwise expression
  • Suspicious use of ; at the end of 'if/for/while' statement.
  • incorrect usage of functions from ctype library.
  • optimisation: detect post increment/decrement

STL usage

Check for invalid usage of STL:

  • out of bounds errors
  • misuse of iterators when iterating through a container
  • mismatching containers in calls
  • dereferencing an erased iterator
  • for vectors: using iterator/pointer after push_back has been used
  • optimisation: use empty() instead of size() to guarantee fast code
  • suspicious condition when using find
  • redundant condition
  • common mistakes when using string::c_str()
  • using auto pointer (auto_ptr)
  • useless calls of string functions

Uninitialized variables

Uninitialized variables

  • using uninitialized variables and data

Unused functions

Check for functions that are never called

UnusedVar

UnusedVar checks

  • unused variable
  • allocated but unused variable
  • unred variable
  • unassigned variable
  • unused struct member

Using postfix operators

Warn if using postfix operators ++ or -- rather than prefix operator

Cppcheck 1.54 C/C++静态代码分析工具的更多相关文章

  1. 常用 Java 静态代码分析工具的分析与比较

    常用 Java 静态代码分析工具的分析与比较 简介: 本文首先介绍了静态代码分析的基 本概念及主要技术,随后分别介绍了现有 4 种主流 Java 静态代码分析工具 (Checkstyle,FindBu ...

  2. C++静态代码分析工具推荐——PVS-Studio

    长假归来,最近一直没更新,节前本来就想写这篇了,一直到今天才有时间. 关于静态代码分析在维基百科上可以查到很详细的介绍:https://en.wikipedia.org/wiki/List_of_to ...

  3. [转载] 常用 Java 静态代码分析工具的分析与比较

    转载自http://www.oschina.net/question/129540_23043 简介: 本文首先介绍了静态代码分析的基本概念及主要技术,随后分别介绍了现有 4 种主流 Java 静态代 ...

  4. 来试试这个来自静态代码分析工具PVS Studio提供C++的小测验吧

    博客搬到了fresky.github.io - Dawei XU,请各位看官挪步.最新的一篇是:来试试这个来自静态代码分析工具PVS Studio提供C++的小测验吧.

  5. 【转载】常用 Java 静态代码分析工具的分析与比较

    摘自:http://www.oschina.net/question/129540_23043常用 Java 静态代码分析工具的分析与比较 简介: 本文首先介绍了静态代码分析的基本概念及主要技术,随后 ...

  6. java静态代码分析工具infer

    infer是一个静态代码分析工具,探测bugs. 主要支持Java.C/C++ 安装:brew install infer 在线展示:https://codeboard.io/projects/115 ...

  7. Https与Http,SSL,DevOps, 静态代码分析工具,RFID, SSH, 非对称加密算法(使用最广泛的一种是RSA), 数字签名, 数字证书

    在URL前加https://前缀表明是用SSL加密的. 你的电脑与服务器之间收发的信息传输将更加安全. Web服务器启用SSL需要获得一个服务器证书并将该证书与要使用SSL的服务器绑定. http和h ...

  8. Eclipse插件(导出UML图,打开文件资源管理器插件,静态代码分析工具PMD,在eclipse上安装插件)

    目录 能够导出UML图的Eclipse插件 打开文件资源管理器插件 Java静态代码分析工具PMD 如何在eclipse上安装插件 JProfiler性能分析工具 从更新站点安装EclEmma 能够导 ...

  9. Android 静态代码分析工具

    简评: 作者在文中提到的三个静态代码分析工具不是互相替代的关系,各有各的侧重点,如果有需要完全可以同时使用. 静态代码分析是指无需运行被测代码,仅通过分析或检查源程序的语法.结构.过程.接口等来检查程 ...

随机推荐

  1. 转:requirejs2.0新特性介绍

    就在前天晚上RequireJS发布了一个大版本,直接从version1.0.8升级到了2.0.随后的几小时James Burke又迅速的将版本调整为2.0.1,当然其配套的打包压缩工具r.js也同时升 ...

  2. python中的class

    尽管Python在Function Programming中有着其他语言难以企及的的优势,但是我们也不要忘了Python也是一门OO语言哦.因此我们关注Python在FP上的优势的同时,还得了解一下P ...

  3. 利用KVC使用自定义的控件

    KVC简单使用: 可以用来设置属性的值例如有个Person类下有个属性name [self setvalue:@"yourname" forkey:@"name" ...

  4. c++,static 静态成员变量 / 静态成员函数

    静态成员变量: //静态成员变量(static) // //1.如果想在同类的多个对象之间实现数据共享 ,可以用静态 //成员变量,即用static修饰的成员变量,例 static int a; // ...

  5. 网络编程(UDP协议-聊天程序)

    网络编程中的UDP协议中聊天程序,发送端口,和接受端口. 发送端口(Send): <span style="font-size:18px;">package cn.it ...

  6. 浙江工商大学15年校赛E题 无邪的飞行棋 【经典背包】

    无邪的飞行棋 Time Limit 1s Memory Limit 64KB Judge Program Standard Ratio(Solve/Submit) 15.38%(4/26) Descr ...

  7. 2014 HDU多校弟六场J题 【模拟斗地主】

    这是一道5Y的题目 有坑的地方我已在代码中注释好了 QAQ Ps:模拟题还是练的太少了,速度不够快诶 //#pragma comment(linker, "/STACK:16777216&q ...

  8. tomcat配置管理用户名密码

    tomcat6默认是将用户是注释的 配置文件在根目录下/conf/tomcat-users.xml文件中 配置默认如下: <!--  <role rolename="tomcat ...

  9. Genymotion Unable to create Virtual Device:Connection timeout

    1.进入C:\Users\[UserName]\AppData\Local\Genymobile,打开genymotion.log,找到最后几句话:     九月 2 14:29:45 [Genymo ...

  10. 一个load飙高的过程分析,非常有价值(转)

    关于us高和sy高的问题分析: 当us值过高时,表示运行的应用消耗大量的CPU.java应用造成us高的原因主要是线程一直处于可运行(Runnable)状态,通常这些线程在执行无阻塞.循环.正则或纯粹 ...