Cppcheck is an analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools, it doesn’t detect syntax errors. Cppcheck only detects the types of bugs that the compilers normally fail to detect. The goal is no false positives.
Cppcheck is rarely wrong about reported errors. But there are many bugs that it doesn’t detect.
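It can check files that do not compile.
The checks it performs include:
(1)、automatic variable checks;
(2)、array bounds checks;
(3)、class checks;
(4)、checks for calls to obsolete or deprecated functions;
(5)、checks for abnormal memory use and release;
(6)、memory leak checks, mainly by tracking the pointers that reference the memory;
(7)、checks that operating system resources (interrupts, file descriptors, and so on) are released;
(8)、checks for incorrect use of STL functions;
(9)、checks for code formatting errors and performance issues.
Installation steps:
(1)、Download the latest version, cppcheck-1.58-x86-Setup.msi, from http://sourceforge.net/projects/cppcheck/ and install it to D:\ProgramFiles\Cppcheck (note: the path must not contain Chinese characters; the source code can also be downloaded from https://github.com/danmar/cppcheck/);
(2)、Open VS2008, go to Tools --> External Tools --> click Add, and set Title: Cppcheck; Command: D:\ProgramFiles\Cppcheck\cppcheck.exe; Arguments: --quiet --verbose --template=vs $(ItemPath); Initial directory: $(ItemDir); check "Use Output window"; click OK.
For example, a Cppcheck project was created under F:\test\Cppcheck, and the folder F:\test\Cppcheck\Cppcheck holds some .cpp files: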
```cpp
#include "stdafx.h"
#include <cstdlib>    // malloc, free
#include <iostream>
#include <stdexcept>  // std::runtime_error
using namespace std;

int *p;

int fun1(int sz)
{
    delete [] p;
    // Exception thrown in invalid state, 'p' points at deallocated memory.
    if (sz <= 0)
    {
        throw std::runtime_error("size <= 0");
    }
    p = new int[sz];
    return sz;
}

void *CreateFred()
{
    return malloc(100);
}

void DestroyFred(void *p)
{
    free(p);
}

void f(int x)
{
    // (style) Variable 'i' is assigned a value that is never used
    // (style) The scope of the variable i can be reduced
    int i;
    if (x == 0)
    {
        i = 0;
    }
}

void foo(int x)
{
    void *f = CreateFred();
    if (x == 1)
    {
        return;
    }
    // Memory leak: f (the early return above skips DestroyFred)
    DestroyFred(f);
}

int _tmain(int argc, _TCHAR* argv[])
{
    // error: Array 'a[10]' accessed at index 10, which is out of bounds.
    // Variable 'a' is assigned a value that is never used.
    char a[10];
    a[10] = 0;
    return 0;
}
```
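A corrected version of the listing above, added here as an example (it is not code from the original post), showing one way to resolve the exception-safety, memory-leak and array-bounds findings. The names live_freds, FredDeleter, zero_last and fun1_keeps_p_on_throw are introduced for illustration, and the stdafx.h/_tmain scaffolding is dropped so it builds with any C++11 compiler.

```cpp
#include <cstdlib>
#include <memory>
#include <stdexcept>

int *p = nullptr;
int live_freds = 0;  // added counter (assumption): makes the leak fix observable

// Exception safety: validate and allocate first, free the old buffer last.
int fun1(int sz)
{
    if (sz <= 0) throw std::runtime_error("size <= 0");  // 'p' not yet touched
    int *fresh = new int[sz]();
    delete [] p;
    p = fresh;
    return sz;
}

void *CreateFred()
{
    void *fred = std::malloc(100);
    if (fred) ++live_freds;
    return fred;
}

void DestroyFred(void *fred)
{
    if (fred) --live_freds;
    std::free(fred);
}

// Memory leak: a scope-bound owner calls DestroyFred on every return path.
struct FredDeleter { void operator()(void *fred) const { DestroyFred(fred); } };

void foo(int x)
{
    std::unique_ptr<void, FredDeleter> f(CreateFred());
    if (x == 1) return;  // early return no longer leaks
}

// Array bounds: the last index comes from the array type, not a literal.
template <std::size_t N> std::size_t zero_last(char (&a)[N]) { a[N - 1] = 0; return N - 1; }

// True when a rejected size leaves 'p' pointing at the same live buffer.
bool fun1_keeps_p_on_throw()
{
    fun1(4);
    int *before = p;
    try { fun1(0); } catch (const std::runtime_error &) { return p == before; }
    return false;
}
```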
(1)、checking all files in a folder:
D:\ProgramFiles\Cppcheck>cppcheck F:\test\Cppcheck\Cppcheck
(2)、stylistic issues (with --enable=style you enable most warning, style and performance messages):
D:\ProgramFiles\Cppcheck>cppcheck --enable=style F:\test\Cppcheck\Cppcheck\Cppcheck.cpp
(3)、unused functions:
D:\ProgramFiles\Cppcheck>cppcheck --enable=unusedFunction F:\test\Cppcheck\Cppcheck
(4)、enable all checks:
D:\ProgramFiles\Cppcheck>cppcheck --enable=all F:\test\Cppcheck\Cppcheck
(5)、saving results in file:
D:\ProgramFiles\Cppcheck>cppcheck --enable=all F:\test\Cppcheck\Cppcheck 2> F:\test\Cppcheck\Cppcheck\err.txt
(6)、multithreaded checking (use 2 threads to check a folder):
D:\ProgramFiles\Cppcheck>cppcheck -j 2 F:\test\Cppcheck\Cppcheck
(7)、xml output:
D:\ProgramFiles\Cppcheck>cppcheck --xml-version=2 F:\test\Cppcheck\Cppcheck\Cppcheck.cpp
(8)、reformatting the output (to get Visual Studio compatible output):
D:\ProgramFiles\Cppcheck>cppcheck --template=vs F:\test\Cppcheck\Cppcheck\Cppcheck.cpp
References:
1、http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page
2、http://blog.csdn.net/akof1314/article/details/7477014
3、http://www.cppblog.com/jinq0123/archive/2012/04/10/170739.html
4、http://blog.sina.com.cn/s/blog_7a4cdec80100s661.html
5、http://avitebskiy.blogspot.tw/2012/10/poor-mans-visual-studio-cppcheck.html
Lists of code checking tools:
1、http://en.wikibooks.org/wiki/Introduction_to_Software_Engineering/Tools/Static_Code_Analysis
2、http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
3、http://www.cert.org/secure-coding/tools.html
5、http://www.kuqin.com/testing/20111116/314953.html
from: http://blog.csdn.net/fengbingchun/article/details/8887843