Hi,
I am looking for code analysis tools to test ATL projects using VS 2005. So far I have evaluated the following tools:

1. FxCop
2. PREfast
3. Cppcheck

Problems I faced with these tools:
When I use FxCop it gives the message "FxCop Engine failed to load". The project I am trying to evaluate has some unmanaged code files.

When I try PREfast, I found it is only for drivers. It does not give any result.

I have downloaded Cppcheck version 1.28. It also does not give any output.

I don't know whether I am not able to identify the correct tool, or I am not able to use it properly. Please help.

Thanks

Hello!

I am one of the cppcheck developers.

My guess is that you are using cppcheck correctly and that it doesn't find any bugs. The output when running it should be something like:

checking file1.c...
1/2 files checked 50% done
checking file2.c...
2/2 files checked 100% done

To get the maximum amount of warnings, try this:

cppcheck --all --style --unused-functions path

Just replace the "path" with your own path.

Thanks a lot for the information that you have posted.

Yes, I am getting a similar kind of result.
But why am I not getting any warning or error? I am intentionally using an undeclared variable. When I compile this project in VS 2008, it gives me an error. But when I compile using Cppcheck it doesn't give any error. The result is the following.

D:\FxCopTestProjects\Test2>cppcheck --all --style --unused-functions D:\FxCopTes
tProjects\Test2
Checking D:/FxCopTestProjects/Test2/Vector.cpp...
No errors found (1/1 files checked 100% done)
Checking usage of global functions (this may take several minutes)..

D:\FxCopTestProjects\Test2>


Am I using Cppcheck correctly? Let's verify once.

I open Cppcheck (1.28) in VS 2008 and build it. Now I copy cppcheck.exe and paste it into the project folder Test2. The Test2 project has only one vector.cpp file. From the command prompt I am running the cppcheck command.

Is this the correct way to use Cppcheck?

Please reply in the next post if I am doing something wrong.

I believe you use cppcheck correctly.

cppcheck doesn't try to detect errors that are normally detected by compilers. So undeclared variables are ignored by cppcheck. You should turn up the compiler warnings to maximum even when you use cppcheck.

But with cppcheck you can detect many errors that compilers normally miss. Take a look at this code:

#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <list>
#include <string>

char *foo()
{
    char str[10];

    // array index out of bounds (the trailing zero is written at str[10])
    strcpy(str, "1234567890");

    // Array index out of bounds.. array[0xffffffffff]
    int array[256];
    char a = 0xff;
    array[a] = 0;

    // array index out of bounds
    for (unsigned int i = 0; i <= sizeof(str); i++)
        str[i] = 0;

    // unsigned division error, the result will not be -10
    unsigned int ten = 10;
    int result = -100 / ten;

    // unusual pointer arithmetic.. the abcde string will not get the value "abcde"
    std::string abcde = "abcd" + 'e';

    // sprintf: overlapping data used in input/output. the result is undefined
    sprintf(str, " %s", str);

    // mismatching allocation size..
    int *p = (int *)malloc(25);
    free(p);

    // mismatching allocation and deallocation..
    char *str2 = new char[100];
    delete str2;

    // resource leak..
    FILE *f = fopen("foo.txt", "wt");
    // no fclose

    std::list<unsigned int> ints1;
    std::list<unsigned int> ints2;
    ints1.push_back(1);
    ints1.push_back(2);
    ints1.push_back(3);
    // iterator loop problem.. the "ints2.end()" has a typo
    for (std::list<unsigned int>::iterator it = ints1.begin(); it != ints2.end(); it++)
    {
        /* ... */
    }

    // Returning pointer to local stack variable
    return str;
}

This was just a short example code that I wrote - cppcheck can detect many more problems than this.
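Corrected counterparts for several of the defects in foo() above, as an added example that is not part of the original post or of the cppcheck project. The function names are hypothetical, and the allocation and file-handle cases are left out.

```cpp
#include <cstddef>
#include <cstdio>
#include <list>
#include <string>

// A plain char holding 0xff is -1 where char is signed; index through
// unsigned char so the value maps to 255 instead of array[-1].
int index_from_byte(char a) {
    int array[256] = {0};
    array[static_cast<unsigned char>(a)] = 7;
    return array[255];
}

// -100 / 10u converts -100 to unsigned first; divide as signed instead.
int signed_divide(int numerator, unsigned int denominator) {
    return numerator / static_cast<int>(denominator);
}

// "abcd" + 'e' moves the literal's pointer by 101; build a std::string first.
std::string append_char() {
    return std::string("abcd") + 'e';
}

// Buffer has room for the terminating zero, the write is bounded, the loop
// uses '<', and the result is returned by value rather than as a pointer
// to a local array.
std::string copy_digits() {
    char str[11];
    std::snprintf(str, sizeof(str), "%s", "1234567890");
    std::string out(str);
    for (std::size_t i = 0; i < sizeof(str); i++)
        str[i] = 0;
    return out;
}

// Compare the iterator against end() of the container it came from.
unsigned int sum_list() {
    std::list<unsigned int> ints1;
    ints1.push_back(1); ints1.push_back(2); ints1.push_back(3);
    unsigned int sum = 0;
    for (std::list<unsigned int>::iterator it = ints1.begin(); it != ints1.end(); ++it)
        sum += *it;
    return sum;
}

int main() {
    std::printf("%d %d %s %s %u\n", index_from_byte('\xff'), signed_divide(-100, 10),
                append_char().c_str(), copy_digits().c_str(), sum_list());
    return 0;
}
```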

Hi,

I am new to this tool. I searched on Google, but couldn't get a good one.

Could you please give info about how to use this tool?

I also need a good presentation about this tool.

Thanks,
SGS


> Could you please give info about how to use this tool?
For those who use the command-line tool I recommend the manual:
http://cppcheck.sf.net/manual.pdf

There is also a GUI available. It is simple to use.

There are also various plugins. There is a list of plugins at our wiki:
http://cppcheck.sf.net

There should be examples of how to use it at the deleaker's site. Look at.
