Recently, I was looking on the net for an open-source static analysis tool for C++ on the Windows platform. Most of the ones I found were written for Unix or for GCC, while my target is VC++ for Windows.
Finally I landed on CppCheck. It is a bare-minimum static analyser that can be compiled and integrated into VS2005 quite easily. Though it doesn’t provide any advanced features like what professional analysis tools such as Klocwork give (I am not even sure whether I can compare it with Klocwork), it performs the standard checks like:
- Bad usage of memset/memcpy/memmove
- Memory leaks
- Buffer overruns
- Check class constructors (uninitialized member variables?)
- Using old functions that should be avoided such as ‘gets’ and ‘scanf’
- Invalid function usage. A few extra checks when using standard functions.
- Division with signed and unsigned operands
- Assignment in condition: if (a=b)
- Using char variables in bit operations or as array index
It also checks for redundant code, C-style pointer cast, isDigit, isAlpha etc.
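Added example (not from the original post or from the cppcheck project): three of the defect classes in the list above, each shown as a risky function next to a corrected one. All function names and sample values are made up for this illustration.

```cpp
#include <climits>
#include <cstdio>

// "Division with signed and unsigned operands": the int operand is
// converted to unsigned first, so a negative total becomes a huge value.
unsigned int average_risky(int total, unsigned int count) {
    return total / count;
}

// Corrected form: keep the division signed (assumes count fits in an int).
int average_fixed(int total, unsigned int count) {
    return total / static_cast<int>(count);
}

// "Using char variables ... as array index": a byte above 0x7F held in a
// signed char is negative, so table[c] would read before the table.
// signed char is spelled out so the result is the same on every compiler.
int table_index_risky(signed char c) {
    return c;
}

int table_index_fixed(signed char c) {
    return static_cast<unsigned char>(c);   // always 0..255
}

// "Using char variables in bit operations": the char is sign-extended
// before the OR, which sets every upper bit and swamps `high`.
unsigned int pack_risky(unsigned int high, signed char low) {
    return (high << 8) | low;
}

unsigned int pack_fixed(unsigned int high, signed char low) {
    return (high << 8) | static_cast<unsigned char>(low);
}

int main() {
    const signed char byte = -23;   // constructed sample: bit pattern 0xE9
    std::printf("average: risky=%u fixed=%d\n",
                average_risky(-10, 2u), average_fixed(-10, 2u));
    std::printf("index:   risky=%d fixed=%d\n",
                table_index_risky(byte), table_index_fixed(byte));
    std::printf("pack:    risky=0x%X fixed=0x%X\n",
                pack_risky(0x12u, byte), pack_fixed(0x12u, byte));
    return 0;
}
```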
Download CppCheck 1.24 from here. Though the website says it can be compiled under Windows, it failed with the VC++ compiler. You need GCC on Cygwin to compile this. I think with a little tweaking of the makefile it can be compiled using VC++, but since I already had GCC/Cygwin on my PC, I didn’t bother doing it.
After successful compilation it produces cppcheck.exe. Copy this binary to wherever you want. If you compiled using Cygwin, place Cygwin1.dll in the same directory. This is required if you want VS2005 to call cppcheck.
Open the Visual Studio 2005 IDE. Select Tools->External Tools in the menu. In the External Tools window, click Add and configure as follows.
Now when you select the Tools menu you can see that the cppcheck utility is listed in it. I tried running the tool on one of the source files in the cppcheck project itself. It threw the “expected is passed by value, it could be passed by reference/pointer instead” message for a few lines. I wonder why the author didn’t fix those.
If you are using any other static analysis tool that is free/FOSS and can be run on Windows, please comment.