Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Open Source Static Code Analysis: Cppcheck with Eclipse

DZone's Guide to

Open Source Static Code Analysis: Cppcheck with Eclipse

· Agile Zone
Free Resource

See how three solutions work together to help your teams have the tools they need to deliver quality software quickly. Brought to you in partnership with CA Technologies

I have a challenge for you: Can you spot the problem in the following source?


TMOUT1_CounterHandle TMOUT1_GetCounter(TMOUT1_CounterType nofTicks)
{
  TMOUT1_CounterHandle handle;
  CS1_CriticalVariable();

  handle = 0;
  if (nofTicks==0) {
    nofTicks = 1; /* wait at least for one tick, otherwise will timeout immediately */
  }
  CS1_EnterCritical();
  while (!TMOUT1_FreeCounters[handle] && handle<TMOUT1_NOF_COUNTERS) {
    handle++;
  }
  if (handle<TMOUT1_NOF_COUNTERS) {
    TMOUT1_FreeCounters[handle]=FALSE;
    TMOUT1_Counters[handle] = nofTicks;
  }
  CS1_ExitCritical();
  if (handle==TMOUT1_NOF_COUNTERS) {
    return TMOUT1_OUT_OF_HANDLE;
  }
  return handle;
}

No? Well, I have not spotted the problem the first time neither. However, a reader of this blog did: he used a cool tool named ‘cppcheck': that tool reported the following:

 Image title

Array Index Handle is uses before limits check

How cool is that? Not so cool is my bad programming style here:-(. At least the fix was easy :-).

Cppcheck can find many coding errors, portability problems and many more. Cppcheck has found this real problem in the Freescale USB Stack for me:

Image title


Example issue found by Cpptest

So this is a bad and nasty bug: the function returns the address of a variable on the stack!!! On return from that function, that variable on the stack is gone and might cause the system to crash. Thank you for flagging this, Cppcheck!

Obviously, cppcheck has not been used by that developer writing that code, and I think they really should have. I have started using Cppcheck for my code base, and I’m amazed how many possible issues it is able to find!

So here is how you can install it and use it…

Cppcheck Installation

Cppcheck can be downloaded from http://cppcheck.sourceforge.net/:

Image title


Cppcheck web site

The SourceForge site with the download is here: https://sourceforge.net/projects/cppcheck/. Run the setup, and it will install Cppcheck.

Installation of Eclipse Plugins

What makes using Cppcheck really easy is the ‘Cppcheclipse’ plugin in Eclipse.The website for this plugin is here: https://code.google.com/a/eclipselabs.org/p/cppcheclipse. Follow the instructions on
https://code.google.com/a/eclipselabs.org/p/cppcheclipse/wiki/Installation
or directly use the following Eclipse Update Site with Help > Install New Software:http://cppcheclipse.eclipselabs.org.codespot.com/svn/update/

In the Eclipse workspace settings (Window > Preferences), point to the Cppcheck binary:

Image title


Binary Path to Cppcheck

This panel also has global settings for all projects, or I can set project specific options.

Image title


Configuration of cppcheck messages

Using Cppcheck with Cppcheclipse

Running Cppcheck on the project is easy: simply use the context menu not the project:

Image title


Running CppCheck

This will check the sources in the project and report issues in the problems view.

Tips

In case a problem with too many configurations comes up:

;;information;toomanyconfigs;Too many #ifdef configurations - cppcheck only checks 12 configurations. Use --force to check all configurations. For more details, use --enable=information.

Image title


Cppcheck too many configurations

To avoid that problem, I can restrict the number of configurations, and I have __GNUC__ defined in the project properties:

Image title


Restricted Configuration

I recommend to have a read at the cppcheck manual, e.g. found at http://cppcheck.sourceforge.net/manual.html. It has a lot of advanced options, and ways how to suppress warnings/messages directly in the source code, etc.

Summary

It is always amazing what cool gems of open source tools are out there to be explored! Cpptest is a powerful free of charge static analysis tool which can be easily used with Eclipse, including Freescale’s Kinetis Design Studio. It might not catch every programming error, and a developer should have a bunch of tools in its hand. But every bug killed early is one bug less :-). I’m using PC-lint too (see “Eclipse and PC-lint: Linticator“), but having an open source tool in addition to PC-lint, free of charge, is even better.

Discover how TDM Is Essential To Achieving Quality At Speed For Agile, DevOps, And Continuous Delivery. Brought to you in partnership with CA Technologies

Topics:
agile ,eclipse ,code quality ,open source

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}