Cppcheck 1.54: a C/C++ static code analysis tool

Official site: http://cppcheck.sourceforge.net/
Current version: 1.54 for Windows

Cppcheck complements, rather than replaces, the compiler's own warnings:
1. If you use Visual C++, build at warning level 4.
2. If you use GCC, see "Warning options - using GCC".

The installer looks like this:


The first button on the toolbar opens the file or directory to check. Take the following deliberately broken program as the test input:

int main() {
    char a[10];
    a[10] = 0;   /* index 10 is one past the last element, a[9] */
    return 0;
}

Checking it with the tool gives the result shown below:

The warning and the error are found immediately. Checking from the command line also works with paths containing Chinese characters, as shown below:

From the command line only error messages are shown by default; use --enable to turn on the other message types, for example:
    cppcheck.exe --enable=all "E:\项目\测试"
To run Cppcheck from inside Visual Studio:
1. In the Visual Studio menu open Tools → External Tools, click Add, and fill in:
   Title: Cppcheck
   Command: D:\Program Files\Cppcheck\cppcheck.exe
   Arguments: --enable=all --template=vs $(SolutionDir)
   Tick "Use Output window".
2. To run it, click Tools → Cppcheck, as shown below:

Double-clicking a message in the Output window jumps to the line it refers to (this is what --template=vs is for: it prints findings in the file(line) format Visual Studio understands).
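The sample program above writes a[10] into a 10-byte array, and Cppcheck catches it because the index is a constant it can compare against the declared size. The following is an added example (not code from the original post or from Cppcheck): two small helpers, with names chosen here, that handle the run-time case a static analyser usually cannot decide, where the index or the length comes from input and the code itself has to compare it against the real buffer size.

```cpp
#include <cstddef>
#include <cstring>

// Added example, not code from the original post or from Cppcheck itself.
// The post's sample writes a[10] into a 10-byte array, one element past
// the end. The helpers below (names are this example's own) cover the
// run-time case a static analyser usually cannot decide: the index or the
// length comes from input, so the code must check it against the buffer
// size before writing.

// Stores value at buf[idx] only if idx is inside [0, len). Returns false
// and writes nothing otherwise.
bool bounded_store(char *buf, size_t len, size_t idx, char value)
{
    if (buf == NULL || idx >= len)
        return false;
    buf[idx] = value;
    return true;
}

// Copies src into dst, never writing more than dst_len bytes and always
// leaving dst NUL-terminated. Returns the number of characters copied
// (not counting the terminator); 0 when dst_len is 0 or a pointer is null.
size_t bounded_copy(char *dst, size_t dst_len, const char *src)
{
    if (dst == NULL || src == NULL || dst_len == 0)
        return 0;
    size_t n = strlen(src);
    if (n > dst_len - 1)        // leave room for the terminator
        n = dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

int main()
{
    char a[10];
    /* a[10] = 0;  <- the original bug: index 10 is past the last element, a[9] */
    bounded_store(a, sizeof a, 9, 0);            // accepted: last valid index
    bounded_store(a, sizeof a, 10, 0);           // rejected instead of corrupting the stack
    bounded_copy(a, sizeof a, "0123456789ABC");  // truncated to "012345678" plus NUL
    return 0;
}
```

Note that sizeof a only works here because a is a real array in the same scope; once the buffer is passed to a function as char *, sizeof gives the pointer size, which is exactly the "sizeof for array given as function argument" check listed in the appendix.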
Appendix

1. Cppcheck command-line options

Syntax:
    cppcheck [OPTIONS] [files or paths]

If a directory is given instead of a filename, *.cpp, *.cxx, *.cc, *.c++, *.c, *.tpp, and *.txx files are checked recursively from the given directory.

-D<ID>
    Define a preprocessor symbol. Example: '-DDEBUG=1 -D__cplusplus'.
-U<ID>
    Undefine a preprocessor symbol. Example: '-UDEBUG'
--enable=<id>
    Enable additional checks. Several ids can be given if you separate them with commas. The available ids are:
    * all
      Enable all checks
    * style
      Enable all coding style checks. All messages with the severities 'style', 'performance' and 'portability' are enabled.
    * performance
      Enable performance messages
    * portability
      Enable portability messages
    * information
      Enable information messages
    * unusedFunction
      Check for unused functions
    * missingInclude
      Warn if there are missing includes. For detailed information, use '--check-config'.
    See also --std.
--platform=<type>
    Specify platform-specific types and sizes. The available platforms are:
    * unix32
      32 bit unix variant
    * unix64
      64 bit unix variant
    * win32A
      32 bit Windows ASCII character encoding
    * win32W
      32 bit Windows UNICODE character encoding
    * win64
      64 bit Windows
-rp=<paths>, --relative-paths=<paths>
    Use relative paths in output.
--std=<id>
    Enable standard-related checks. The available options are:
    * posix
      Checks related to POSIX-specific functionality
    * c99
      C99 standard related checks
    * c++11
      C++11 standard related checks
    Example to enable more than one check: 'cppcheck --std=c99 --std=posix file.cpp'
--suppress=<spec>
    Suppress a specific warning. The format of <spec> is:
    [error id]:[filename]:[line]
    The [filename] and [line] are optional. If [error id] is a wildcard '*', all error ids match.
--template='<text>'
    Format the error messages, e.g. '{file}:{line},{severity},{id},{message}' or '{file}({line}):({severity}) {message}'
    Pre-defined templates: gcc, vs, edit.

Example usage:
    # Recursively check the current folder. Print the progress on the screen and write errors to a file:
    cppcheck . 2> err.txt
    # Recursively check ../myproject/ and don't print progress:
    cppcheck --quiet ../myproject/
    # Check only files one.cpp and two.cpp and give all information there is:
    cppcheck -v -s one.cpp two.cpp
    # Check f.cpp and search include files from inc1/ and inc2/:
    cppcheck -I inc1/ -I inc2/ f.cpp
2. Checks performed (as listed by cppcheck --doc)
64-bit portability
Check if there is 64-bit portability issues:
- assign address to/from int/long
Auto Variables
A pointer to a variable is only valid as long as the variable is in scope. Check:
- returning a pointer to auto or temporary variable
- assigning address of a variable to an effective parameter of a function
- returning reference to local/temporary variable
- returning address of function parameter
Boost usage
Check for invalid usage of Boost:
- container modification during BOOST_FOREACH
Bounds checking
out of bounds checking
Class
Check the code for each class.
- Missing constructors
- Are all variables initialized by the constructors?
- Warn if memset, memcpy etc are used on a class
- If it's a base class, check that the destructor is virtual
- Are there unused private functions
- 'operator=' should return reference to self
- 'operator=' should check for assignment to self
- Constness for member functions
Exception Safety
Checking exception safety
- Throwing exceptions in destructors
- Throwing exception during invalid state
- Throwing a copy of a caught exception instead of rethrowing the original exception
- exception caught by value instead of by reference
Match assignments and conditions
Match assignments and conditions:
- Mismatching assignment and comparison => comparison is always true/false
- Mismatching lhs and rhs in comparison => comparison is always true/false
- Detect matching 'if' and 'else if' conditions
Memory leaks (address not taken)
Not taking the address to allocated memory
Memory leaks (class variables)
If the constructor allocates memory then the destructor must deallocate it.
Memory leaks (function variables)
Is there any allocated memory when a function goes out of scope
Memory leaks (struct members)
Don't forget to deallocate struct members
Non reentrant functions
Warn if any of these non reentrant functions are used:
- crypt
- ctermid
- ecvt
- fcvt
- fgetgrent
- fgetpwent
- fgetspent
- gcvt
- getgrent
- getgrgid
- getgrnam
- gethostbyaddr
- gethostbyname
- gethostbyname2
- gethostent
- getlogin
- getnetbyaddr
- getnetbyname
- getnetgrent
- getprotobyname
- getpwent
- getpwnam
- getpwuid
- getrpcbyname
- getrpcbynumber
- getrpcent
- getservbyname
- getservbyport
- getservent
- getspent
- getspnam
- gmtime
- localtime
- readdir
- strtok
- tempnam
- ttyname
Null pointer
Null pointers
- null pointer dereferencing
Obsolete functions
Warn if any of these obsolete functions are used:
- asctime
- asctime_r
- bcmp
- bcopy
- bsd_signal
- bzero
- ctime
- ctime_r
- ecvt
- fcvt
- ftime
- gcvt
- getcontext
- gethostbyaddr
- gethostbyname
- getwd
- index
- makecontext
- pthread_attr_getstackaddr
- pthread_attr_setstackaddr
- rand_r
- rindex
- scalbln
- swapcontext
- tmpnam
- tmpnam_r
- ualarm
- usleep
- utime
- vfork
- wcswcs
Other
Other checks
- Assigning bool value to pointer (converting bool value to address)
- bad usage of the function 'sprintf' (overlapping data)
- division with zero
- using fflush() on an input stream
- scoped object destroyed immediately after construction
- assignment in an assert statement
- sizeof for array given as function argument
- sizeof for numeric given as function argument
- using sizeof(pointer) instead of the size of pointed data
- incorrect length arguments for 'substr' and 'strncmp'
- invalid usage of output stream. For example: 'std::cout << std::cout;'
- wrong number of arguments given to 'printf' or 'scanf'
- double free() or double closedir()
- C-style pointer cast in cpp file
- casting between incompatible pointer types
- redundant if
- bad usage of the function 'strtol'
- unsigned division
- Dangerous usage of 'scanf'
- passing parameter by value
- Incomplete statement
- check how signed char variables are used
- variable scope can be limited
- condition that is always true/false
- unusual pointer arithmetic. For example: "abc" + 'd'
- redundant assignment in a switch statement
- redundant strcpy in a switch statement
- look for 'sizeof sizeof ..'
- look for calculations inside sizeof()
- assignment of a variable to itself
- mutual exclusion over || always evaluating to true
- Clarify calculation with parentheses
- using increment on boolean
- comparison of a boolean with a non-zero integer
- comparison of a boolean expression with an integer other than 0 or 1
- suspicious condition (assignment+comparison)
- suspicious condition (runtime comparison of string literals)
- suspicious condition (string literals as boolean)
- duplicate break statement
- unreachable code
- testing if unsigned variable is negative
- testing if unsigned variable is positive
- using bool in bitwise expression
- Suspicious use of ; at the end of 'if/for/while' statement.
- incorrect usage of functions from ctype library.
- optimisation: detect post increment/decrement
STL usage
Check for invalid usage of STL:
- out of bounds errors
- misuse of iterators when iterating through a container
- mismatching containers in calls
- dereferencing an erased iterator
- for vectors: using iterator/pointer after push_back has been used
- optimisation: use empty() instead of size() to guarantee fast code
- suspicious condition when using find
- redundant condition
- common mistakes when using string::c_str()
- using auto pointer (auto_ptr)
- useless calls of string functions
Uninitialized variables
Uninitialized variables
- using uninitialized variables and data
Unused functions
Check for functions that are never called
UnusedVar
UnusedVar checks
- unused variable
- allocated but unused variable
- unread variable
- unassigned variable
- unused struct member
Using postfix operators
Warn if postfix operators ++ or -- are used where the prefix operator would do
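The "Class" and "Memory leaks (class variables)" entries above describe a shape of code rather than a single bug. The following is an added example (not code from the original post or from Cppcheck; the class names, the get/set helpers and the live-object counters are this example's own) that has that shape: every member initialised by the constructor, memory allocated in the constructor released in the destructor, a deep-copying copy constructor, operator= returning a reference to *this and guarding against self-assignment, and a virtual destructor on the class that is used as a base. The counters exist only so that a test can prove nothing leaks.

```cpp
#include <cstddef>
#include <cstring>

// Added example, not code from the original post or from Cppcheck. Names
// and counters are this example's own; the counters only let a test prove
// that every allocation is released.

static int g_live_buffers = 0;   // Buffer objects currently alive
static int g_live_tagged = 0;    // TaggedBuffer objects currently alive

class Buffer {
public:
    // Every member initialised; the allocation made here is owned by this
    // object and released in the destructor.
    explicit Buffer(size_t n) : data_(new char[n]()), size_(n) { ++g_live_buffers; }

    // Deep copy: two objects must never share data_, or the second
    // destructor would free it again (double free).
    Buffer(const Buffer &other) : data_(new char[other.size_]), size_(other.size_) {
        memcpy(data_, other.data_, size_);
        ++g_live_buffers;
    }

    // Returns *this and checks for self-assignment. The new block is
    // allocated before the old one is freed, so the object stays valid if
    // new throws. No memset/memcpy on the object itself.
    Buffer &operator=(const Buffer &other) {
        if (this == &other)
            return *this;
        char *fresh = new char[other.size_];
        memcpy(fresh, other.data_, other.size_);
        delete[] data_;
        data_ = fresh;
        size_ = other.size_;
        return *this;
    }

    // Virtual: deleting a derived object through a Buffer* must run the
    // derived destructor as well.
    virtual ~Buffer() { delete[] data_; --g_live_buffers; }

    size_t size() const { return size_; }   // const: does not modify the object
    char get(size_t i) const { return i < size_ ? data_[i] : '\0'; }
    bool set(size_t i, char c) {
        if (i >= size_)
            return false;
        data_[i] = c;
        return true;
    }

private:
    char *data_;
    size_t size_;
};

class TaggedBuffer : public Buffer {
public:
    TaggedBuffer(size_t n, int tag) : Buffer(n), tag_(tag) { ++g_live_tagged; }
    virtual ~TaggedBuffer() { --g_live_tagged; }
    int tag() const { return tag_; }

private:
    int tag_;
};

// Exercises copy, assignment, self-assignment and polymorphic delete, then
// returns the number of objects still alive: 0 means nothing leaked.
int exercise()
{
    {
        Buffer a(8);
        a.set(0, 'a');
        Buffer b(a);            // copy constructor: b owns its own storage
        b.set(0, 'b');
        Buffer &alias = a;
        a = alias;              // self-assignment must leave a intact
        a = b;                  // old storage of a freed, contents of b copied
        Buffer *p = new TaggedBuffer(4, 7);
        delete p;               // virtual destructor: ~TaggedBuffer, then ~Buffer
    }
    return g_live_buffers + g_live_tagged;
}

int live_objects() { return g_live_buffers + g_live_tagged; }
```

Remove the self-assignment check, drop the virtual from the base destructor, or leave the copy constructor out so the compiler generates a shallow one, and the corresponding Cppcheck class check fires; with --enable=style the constness of size() and get() is checked as well.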