static analysis of C/C++ code
Go to file
2024-09-19 10:15:31 +02:00
.github/workflows CI: Run all github actions on commits in release branches (#6777) 2024-09-07 11:06:04 +02:00
addons Fix #12978: false positive : Misra C 8.4: extern variables with structs (#6655) 2024-08-02 20:39:50 +02:00
cfg Fix #13108 FP invalidContainer when constructing container from iterators (#6811) 2024-09-19 10:15:31 +02:00
cli some XML parsing cleanups (#6515) 2024-09-18 20:33:47 +02:00
cmake removed support for Python 2.7 / small cleanups (#6804) 2024-09-16 15:57:56 +02:00
democlient 2.15.0: Update copyright year [ci skip] (#6749) 2024-08-31 13:16:34 +02:00
externals bumped simplecpp to 1.1.3 (#6422) 2024-05-23 14:05:09 +02:00
gui Update Japanese Translation (#6779) 2024-09-08 00:09:14 +02:00
htmlreport removed support for Python 2.7 / small cleanups (#6804) 2024-09-16 15:57:56 +02:00
lib Fix #13108 FP invalidContainer when constructing container from iterators (#6811) 2024-09-19 10:15:31 +02:00
man bumped version to 2.15.99/2.16 (#6760) 2024-09-02 13:15:38 +02:00
oss-fuzz ValueFlow: extracted valueFlowInferCondition() into separate file (#6782) 2024-09-08 12:18:01 +02:00
platforms made platforms file validation stricter / added missing bool elements (#4747) 2023-01-27 08:34:12 +01:00
rules Activated 'make validateRules' and improved rule XML file parsing. Now, it optionally accepts '<rules>...</rules>' tags to make xmllint happy. 2022-06-22 00:03:18 +02:00
samples added test to make sure samples produce the expected output / adjusted samples output and small cleanup (#6180) 2024-03-24 16:07:43 +01:00
snap Fix permissions of certain non-executable files (#1083) 2018-02-09 19:46:38 +01:00
test Fix #13108 FP invalidContainer when constructing container from iterators (#6811) 2024-09-19 10:15:31 +02:00
tools fixed #13066 - Makefile: need to use override when appending to variable specified on the command-line (#6765) 2024-09-18 13:01:04 +02:00
valgrind Add Valgrind CI action (#2921) 2020-12-07 08:41:25 +01:00
win_installer bumped version to 2.15.99/2.16 (#6760) 2024-09-02 13:15:38 +02:00
.clang-tidy fixed and enabled readability-avoid-const-params-in-decls clang-tidy warnings (#4861) 2024-08-16 13:21:20 +02:00
.codacy.yml renamed some files in the test folder (#4705) 2023-01-27 08:18:32 +01:00
.gitattributes added .gitattributes and normalized files (#4668) 2022-12-30 21:33:45 +01:00
.gitignore .gitignore: added .gdbinit [skip ci] (#6439) 2024-05-25 10:11:00 +02:00
.mailmap Revert "Revert "Add a .mailmap file."" 2013-10-04 18:03:18 +02:00
.pylintrc enabled and mitigated part of the remaining pylint messages (#6512) 2024-07-21 12:41:55 +02:00
.selfcheck_suppressions use more granular suppressions in selfcheck and prefer inline suppressions (#5703) 2023-12-01 15:59:01 +01:00
.selfcheck_unused_suppressions Fix #10660 FP: overridden member functions of unknown abstract base classes reported as unused (#6564) 2024-07-04 09:44:00 +02:00
.travis.yml Moved some stuff from Travis to GitHub Actions / Cleanups (#3715) 2022-05-31 19:53:50 +02:00
.uncrustify.cfg Format with uncrustify (#3388) 2021-08-07 20:51:18 +02:00
AUTHORS AUTHORS: cconverse711 [ci skip] (#6755) 2024-08-31 15:50:47 +02:00
build-pcre.txt added .gitattributes and normalized files (#4668) 2022-12-30 21:33:45 +01:00
clang-tidy.md fixed and enabled readability-avoid-const-params-in-decls clang-tidy warnings (#4861) 2024-08-16 13:21:20 +02:00
CMakeLists.txt bumped version to 2.15.99/2.16 (#6760) 2024-09-02 13:15:38 +02:00
codecov.yml disabled codecov comments and actions for now (#4896) 2023-03-16 19:24:33 +01:00
console_common.pri pro and pri files: remove unneeded empty lines, use spaces for consistency 2012-10-12 17:46:57 +02:00
COPYING
cppcheck-errors.rng Readd cppcheck-errors.rng 2021-06-19 19:44:36 +02:00
cppcheck.cppcheck renamed some files in the test folder (#4705) 2023-01-27 08:18:32 +01:00
cppcheck.sln tools: moved dmake to its own folder (#5873) 2024-01-13 16:20:40 +01:00
cppcheckpremium-suppressions CI: remove unneeded cppcheck premium suppressions (#6702) 2024-08-15 22:53:12 +02:00
createrelease createrelease: updates after 2.15.0 release (#6758) 2024-08-31 21:42:18 +02:00
doxyfile Fix typos (#1568) 2019-01-06 17:15:57 +01:00
generate_coverage_report rename externals/tinyxml to externals/tinyxml2 2020-11-16 09:11:53 +01:00
Makefile fixed #13066 - Makefile: need to use override when appending to variable specified on the command-line (#6765) 2024-09-18 13:01:04 +02:00
naming.json Check for JSON error when parsing addon .json files + fixes (#2374) 2019-11-20 15:37:09 +01:00
philosophy.md philosophy.md: minor tweaks. add section about usability. [ci skip] (#5730) 2023-12-06 11:13:42 +01:00
readme.md announced removal of qmake support [skip ci] (#6744) 2024-08-31 11:40:57 +02:00
readme.txt header file path required for picojson (#5040) 2023-05-07 08:29:38 +02:00
readmeja.md added MinGW to CI and fixed local MinGW build (#3826) 2022-02-16 07:06:04 +01:00
releasenotes.txt removed support for Python 2.7 / small cleanups (#6804) 2024-09-16 15:57:56 +02:00
requirements.txt Install pcre from github since the ftp.pcre.org site is no longer available (#3546) 2021-11-06 19:05:16 +01:00
runformat runformat: improve instructions [ci skip] (#5833) 2024-01-05 10:06:10 +01:00
webreport.sh fixed/excluded some shellcheck warnings and actually fail the build when something is found (#3068) 2021-01-20 18:43:49 +01:00

Cppcheck

OSS-Fuzz Coverity Scan Build Status License
OSS-Fuzz Coverity Scan Build Status License

About the name

The original name of this program was "C++check", but it was later changed to "Cppcheck".

Despite the name, Cppcheck is designed for both C and C++.

Manual

A manual is available online.

Donate CPU

Cppcheck is a hobby project with limited resources. You can help us by donating CPU (1 core or as many as you like). It is simple:

  1. Download (and extract) Cppcheck source code.
  2. Run:
    cd cppcheck/
    virtualenv .env
    .env/bin/pip install -r tools/donate-cpu-requirements.txt
    .env/bin/python tools/donate-cpu.py
    

The script will analyse debian source code and upload the results to a cppcheck server. We need these results both to improve Cppcheck and to detect regressions.

You can stop the script whenever you like with Ctrl C.

Compiling

Cppcheck requires a C++ compiler with (partial) C++11 support. Minimum required versions are GCC 5.1 / Clang 3.5 / Visual Studio 2015.

To build the GUI application, you need to use the CMake or qmake (deprecated) build system.

When building the command line tool, PCRE is optional. It is used if you build with rules.

There are multiple compilation choices:

  • qmake - cross platform build tool (deprecated)
  • CMake - cross platform build tool
  • Windows: Visual Studio
  • Windows: Qt Creator + MinGW
  • GNU make
  • GCC (g++)
  • Clang (clang++)

CMake

The minimum required version is CMake 3.5.

Example, compiling Cppcheck with cmake:

mkdir build
cd build
cmake ..
cmake --build .

If you want to compile the GUI you can use the flag. -DBUILD_GUI=ON

For rules support (requires pcre) use the flag. -DHAVE_RULES=ON

For release builds it is recommended that you use: -DUSE_MATCHCOMPILER=ON

For building the tests use the flag. -DBUILD_TESTS=ON

Using cmake you can generate project files for Visual Studio,XCode,etc.

Building a specific configuration

For single-configuration generators (like "Unix Makefiles") you can generate and build a specific configuration (e.g. "RelWithDebInfo") using:

mkdir build_RelWithDebInfo
cd build_RelWithDebInfo
cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo ..
cmake --build . --config RelWithDebInfo

For multi-configuration generators (like "Visual Studio 17 2022") the same is achieved using:

mkdir build
cd build
cmake ..
cmake --build . --config RelWithDebInfo

qmake

NOTE: This has been deprecated and will be removed in Cppcheck 2.16. Please use CMake instead.

You can use the gui/gui.pro file to build the GUI.

cd gui
qmake
make

Visual Studio

Use the cppcheck.sln file. The file is configured for Visual Studio 2019, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64.

To compile with rules, select "Release-PCRE" or "Debug-PCRE" configuration. pcre.lib (pcre64.lib for x64 builds) and pcre.h are expected to be in /externals then. A current version of PCRE for Visual Studio can be obtained using vcpkg.

Visual Studio (from command line)

If you do not wish to use the Visual Studio IDE, you can compile cppcheck from the command line the following command.

msbuild cppcheck.sln

VS Code (on Windows)

Install MSYS2 to get GNU toolchain with g++ and gdb (https://www.msys2.org/). Create a settings.json file in the .vscode folder with the following content (adjust path as necessary):

{
    "terminal.integrated.shell.windows": "C:\\msys64\\usr\\bin\\bash.exe",
    "terminal.integrated.shellArgs.windows": [
        "--login",
    ],
    "terminal.integrated.env.windows": {
        "CHERE_INVOKING": "1",
        "MSYSTEM": "MINGW64",
    }
}

Run "make" in the terminal to build cppcheck.

For debugging create a launch.json file in the .vscode folder with the following content, which covers configuration for debugging cppcheck and misra.py:

{
    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        {
            "name": "cppcheck",
            "type": "cppdbg",
            "request": "launch",
            "program": "${workspaceFolder}/cppcheck.exe",
            "args": [
                "--dump",
                "${workspaceFolder}/addons/test/misra/misra-test.c"
            ],
            "stopAtEntry": false,
            "cwd": "${workspaceFolder}",
            "environment": [],
            "externalConsole": true,
            "MIMode": "gdb",
            "miDebuggerPath": "C:/msys64/mingw64/bin/gdb.exe",
            "setupCommands": [
                {
                    "description": "Enable pretty-printing for gdb",
                    "text": "-enable-pretty-printing",
                    "ignoreFailures": true
                }
            ]
        },
        {
            "name": "misra.py",
            "type": "python",
            "request": "launch",
            "program": "${workspaceFolder}/addons/misra.py",
            "console": "integratedTerminal",
            "args": [
                "${workspaceFolder}/addons/test/misra/misra-test.c.dump"
            ]
        }
    ]
}

Qt Creator + MinGW

The PCRE dll is needed to build the CLI. It can be downloaded here: http://software-download.name/pcre-library-windows/

GNU make

Simple, unoptimized build (no dependencies):

make

The recommended release build is:

make MATCHCOMPILER=yes FILESDIR=/usr/share/cppcheck HAVE_RULES=yes CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function"

Flags:

  1. MATCHCOMPILER=yes Python is used to optimise cppcheck. The Token::Match patterns are converted into C++ code at compile time.

  2. FILESDIR=/usr/share/cppcheck Specify folder where cppcheck files are installed (addons, cfg, platform)

  3. HAVE_RULES=yes Enable rules (PCRE is required if this is used)

  4. CXXFLAGS="-O2 -DNDEBUG -Wall -Wno-sign-compare -Wno-unused-function" Enables most compiler optimizations, disables cppcheck-internal debugging code and enables basic compiler warnings.

g++ (for experts)

If you just want to build Cppcheck without dependencies then you can use this command:

g++ -o cppcheck -std=c++11 -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 -Iexternals/picojson -Ilib cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

If you want to use --rule and --rule-file then dependencies are needed:

g++ -o cppcheck -std=c++11 -lpcre -DHAVE_RULES -Ilib -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

MinGW

mingw32-make

If you encounter the following error with MATCHCOMPILER=yes you need to specify your Python interpreter via PYTHON_INTERPRETER.

process_begin: CreateProcess(NULL, which python3, ...) failed.
makefile:24: pipe: No error
process_begin: CreateProcess(NULL, which python, ...) failed.
makefile:27: pipe: No error
makefile:30: *** Did not find a Python interpreter.  Stop.

Other Compiler/IDE

  1. Create an empty project file / makefile.
  2. Add all cpp files in the cppcheck cli and lib folders to the project file / makefile.
  3. Add all cpp files in the externals folders to the project file / makefile.
  4. Compile.

Cross compiling Win32 (CLI) version of Cppcheck in Linux

sudo apt-get install mingw32
make CXX=i586-mingw32msvc-g++ LDFLAGS="-lshlwapi" RDYNAMIC=""
mv cppcheck cppcheck.exe

Packages

Besides building yourself on the platform of your choice there are also several ways to obtain pre-built packages.
Note: The non-Windows packages are not maintained by the Cppcheck team but by the respective packagers instead.

  • (Windows) An official Windows installer is available via the official Cppcheck SourceForge page: https://cppcheck.sourceforge.io/.
  • (Linux/Unix) Many major distros offer Cppcheck packages via their integrated package managers (yum, apt, pacman, etc.). See https://pkgs.org/search/?q=cppcheck for an overview.
  • (Linux/Unix) Unless you are using a "rolling" distro, it is likely that they are not carrying the latest version. There are several external (mainly unsupported) repositories like AUR (ArchLinux), PPA (ubuntu), EPEL (CentOS/Fedora) etc. which provide up-to-date packages.
  • (Linux/Unix) The Canonical Snapcraft package is unmaintained and contains a very old version. Please refrain from using it! See https://trac.cppcheck.net/ticket/11641 for more details.
  • (MacOS) A package is available via Homebrew (brew). See https://formulae.brew.sh/formula/cppcheck#default.

Webpage

https://cppcheck.sourceforge.io/