0

Hi,
I am looking for Code Analysis Tools to test ATL Projects using VS 2005. so far i have evalutated following tools:

1. FxCop
2. PREfast
3. Cppcheck

Problems i Faced with these tools:
when i use Fxcop it gives message "FxCop Engine failed to load". The project i am trying to evaluate having some unmanged code file.

When i try with PREFast, I found it is only for Drivers. It gives not any result.

Cppcheck version 1.28 i have downloaded. its also doesnot give any output.

I dont know whether i am not able the identify the correct tool, Or i am not able to use it properly. Please help.

Thanks

5
Contributors
7
Replies
8
Views
8 Years
Discussion Span
Last Post by MastAvalons
0

Hello!

I am one of the cppcheck developers.

My guess is that you are using cppcheck correctly and that it doesn't find any bugs. The output when running it should be something like:

checking file1.c...
1/2 files checked 50% done
checking file2.c...
2/2 files checked 100% done

To get maximum amount of warnings, try this:

cppcheck --all --style --unused-functions path

Just replace the "path" with your own path.

0

Thanks a lot for the information that you have posted.

Yes i am getting similar kind of result.
But why not i m getting any warning or Error. Intentionally i am using undeclared variable. when i compile this project in VS 2008, it gives me error. But when i compile using Cppcheck it doesn't give any error. Result is following.

D:\FxCopTestProjects\Test2>cppcheck --all --style --unused-functions D:\FxCopTes
tProjects\Test2
Checking D:/FxCopTestProjects/Test2/Vector.cpp...
No errors found (1/1 files checked 100% done)
Checking usage of global functions (this may take several minutes)..

D:\FxCopTestProjects\Test2>


Am I using Cppcheck correctly, lets verify once.

I open Cppcheck (1.28) in VS 2008 and build it. Now i copy the cppcheck.exe and paste into Project Folder Test2. Test2 project having only one vector.cpp file. From command prompt i am running the cppcheck command.

Is this correct step to use Cppcheck.

Please reply me in next post, if something i am doing wrong.

0

I believe you use cppcheck correctly.

cppcheck doesn't try to detect errors that are normally detected by compilers. So undeclared variables are ignored by cppcheck. You should turn up the compiler warnings to maximum even when you use cppcheck.

But with cppcheck you can detect many errors that compilers normally miss. Take a look at this code:

char *foo()
{
    char str[10];

    // array index out of bounds (the trailing zero is written at str[10])
    strcpy(str, "1234567890");

    // Array index out of bounds.. array[0xffffffffff]
    int array[256];
    char a = 0xff;
    array[a] = 0;

    // array index out of bounds
    for (unsigned int i = 0; i <= sizeof(str); i++)
        str[i] = 0;

    // unsigned division error, the result will not be -10
    unsigned int ten = 10;
    int result = -100 / ten;

    // unusual pointer arithmetic.. the abcde string will not get the value "abcde"
    std::string abcde = "abcd" + 'e';

    // sprintf: overlapping data used in input/output. the result is undefined
    sprintf(str, " %s", str);

    // mismatching allocation size..
    int *p = malloc(25);
    free(p);

    // mismatching allocation and deallocation..
    char *str2 = new char[100];
    delete str2;

    // resource leak..
    FILE *f = fopen("foo.txt", "wt");
    // no fclose

    std::list<unsigned int> ints1;
    std::list<unsigned int> ints2;
    ints1.push_back(1);
    ints1.push_back(2);
    ints1.push_back(3);
    // iterator loop problem.. the "ints2.end()" has a typo
    for (std::list<unsigned int>::iterator it = ints1.begin(); it != ints2.end(); it++)
    {
        /* ... */
    }

    // Returning pointer to local stack variable
    return str;
}

This was just a short example code that I wrote - cppcheck can detect many more problems than this.

-2

Hi,

am new to this tool. I searched in google, but couldn't get good one.

Could you please give info about how to use this tool?

Also need good presentation about this tool

Thanks,
SGS


I believe you use cppcheck correctly.

cppcheck doesn't try to detect errors that are normally detected by compilers. So undeclared variables are ignored by cppcheck. You should turn up the compiler warnings to maximum even when you use cppcheck.

But with cppcheck you can detect many errors that compilers normally miss. Take a look at this code:

char *foo()
{
    char str[10];

    // array index out of bounds (the trailing zero is written at str[10])
    strcpy(str, "1234567890");

    // Array index out of bounds.. array[0xffffffffff]
    int array[256];
    char a = 0xff;
    array[a] = 0;

    // array index out of bounds
    for (unsigned int i = 0; i <= sizeof(str); i++)
        str[i] = 0;

    // unsigned division error, the result will not be -10
    unsigned int ten = 10;
    int result = -100 / ten;

    // unusual pointer arithmetic.. the abcde string will not get the value "abcde"
    std::string abcde = "abcd" + 'e';

    // sprintf: overlapping data used in input/output. the result is undefined
    sprintf(str, " %s", str);

    // mismatching allocation size..
    int *p = malloc(25);
    free(p);

    // mismatching allocation and deallocation..
    char *str2 = new char[100];
    delete str2;

    // resource leak..
    FILE *f = fopen("foo.txt", "wt");
    // no fclose

    std::list<unsigned int> ints1;
    std::list<unsigned int> ints2;
    ints1.push_back(1);
    ints1.push_back(2);
    ints1.push_back(3);
    // iterator loop problem.. the "ints2.end()" has a typo
    for (std::list<unsigned int>::iterator it = ints1.begin(); it != ints2.end(); it++)
    {
        /* ... */
    }

    // Returning pointer to local stack variable
    return str;
}

This was just a short example code that I wrote - cppcheck can detect many more problems than this.

0

Hi,

am new to this tool. I searched in google, but couldn't get good one.

Could you please give info about how to use this tool?

Also need good presentation about this tool

Thanks,
SGS

there should be examples of how to use it at the deleaker's site. Look at.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.