DZone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
Refcards Trend Reports
Events Video Library
Over 2 million developers have joined DZone. Join Today! Thanks for visiting DZone today,
Edit Profile Manage Email Subscriptions Moderation Admin Console How to Post to DZone Article Submission Guidelines
View Profile
Sign Out
Refcards
Trend Reports
Events
View Events Video Library
Zones
Culture and Methodologies Agile Career Development Methodologies Team Management
Data Engineering AI/ML Big Data Data Databases IoT
Software Design and Architecture Cloud Architecture Containers Integration Microservices Performance Security
Coding Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks
Culture and Methodologies
Agile Career Development Methodologies Team Management
Data Engineering
AI/ML Big Data Data Databases IoT
Software Design and Architecture
Cloud Architecture Containers Integration Microservices Performance Security
Coding
Frameworks Java JavaScript Languages Tools
Testing, Deployment, and Maintenance
Deployment DevOps and CI/CD Maintenance Monitoring and Observability Testing, Tools, and Frameworks

Integrating PostgreSQL Databases with ANF: Join this workshop to learn how to create a PostgreSQL server using Instaclustr’s managed service

Mobile Database Essentials: Assess data needs, storage requirements, and more when leveraging databases for cloud and edge applications.

Monitoring and Observability for LLMs: Datadog and Google Cloud discuss how to achieve optimal AI model performance.

Automated Testing: The latest on architecture, TDD, and the benefits of AI and low-code tools.

Related

  • Making A Good Thing Even Better: Google Open Source WindowBuilder and CodePro Profiler
  • Making an IoT Developer’s Life Easier With Eclipse IoT Packages
  • Updating the Deprecated BIRT Custom Report Item "Rotated Text"
  • Is Java in Jeopardy?

Trending

  • Spring WebFlux Retries
  • Software Verification and Validation With Simple Examples
  • Demystifying Enterprise Integration Patterns: Bridging the Gap Between Systems
  • Next.js vs. Gatsby: A Comprehensive Comparison
  1. DZone
  2. Coding
  3. Frameworks
  4. Open Source Static Code Analysis: Cppcheck with Eclipse

Open Source Static Code Analysis: Cppcheck with Eclipse

Erich Styger user avatar by
Erich Styger
·
Jul. 02, 15 · Tutorial
Like (0)
Save
Tweet
Share
2.83K Views

Join the DZone community and get the full member experience.

Join For Free

I have a challenge for you: Can you spot the problem in the following source?


TMOUT1_CounterHandle TMOUT1_GetCounter(TMOUT1_CounterType nofTicks)
{
  TMOUT1_CounterHandle handle;
  CS1_CriticalVariable();

  handle = 0;
  if (nofTicks==0) {
    nofTicks = 1; /* wait at least for one tick, otherwise will timeout immediately */
  }
  CS1_EnterCritical();
  while (!TMOUT1_FreeCounters[handle] && handle<TMOUT1_NOF_COUNTERS) {
    handle++;
  }
  if (handle<TMOUT1_NOF_COUNTERS) {
    TMOUT1_FreeCounters[handle]=FALSE;
    TMOUT1_Counters[handle] = nofTicks;
  }
  CS1_ExitCritical();
  if (handle==TMOUT1_NOF_COUNTERS) {
    return TMOUT1_OUT_OF_HANDLE;
  }
  return handle;
}

No? Well, I have not spotted the problem the first time neither. However, a reader of this blog did: he used a cool tool named ‘cppcheck': that tool reported the following:

 Image title

Array Index Handle is uses before limits check

How cool is that? Not so cool is my bad programming style here:-(. At least the fix was easy :-).

Cppcheck can find many coding errors, portability problems and many more. Cppcheck has found this real problem in the Freescale USB Stack for me:

Image title


Example issue found by Cpptest

So this is a bad and nasty bug: the function returns the address of a variable on the stack!!! On return from that function, that variable on the stack is gone and might cause the system to crash. Thank you for flagging this, Cppcheck!

Obviously, cppcheck has not been used by that developer writing that code, and I think they really should have. I have started using Cppcheck for my code base, and I’m amazed how many possible issues it is able to find!

So here is how you can install it and use it…

Cppcheck Installation

Cppcheck can be downloaded from http://cppcheck.sourceforge.net/:

Image title


Cppcheck web site

The SourceForge site with the download is here: https://sourceforge.net/projects/cppcheck/. Run the setup, and it will install Cppcheck.

Installation of Eclipse Plugins

What makes using Cppcheck really easy is the ‘Cppcheclipse’ plugin in Eclipse.The website for this plugin is here: https://code.google.com/a/eclipselabs.org/p/cppcheclipse. Follow the instructions on
https://code.google.com/a/eclipselabs.org/p/cppcheclipse/wiki/Installation
or directly use the following Eclipse Update Site with Help > Install New Software:http://cppcheclipse.eclipselabs.org.codespot.com/svn/update/

In the Eclipse workspace settings (Window > Preferences), point to the Cppcheck binary:

Image title


Binary Path to Cppcheck

This panel also has global settings for all projects, or I can set project specific options.

Image title


Configuration of cppcheck messages

Using Cppcheck with Cppcheclipse

Running Cppcheck on the project is easy: simply use the context menu not the project:

Image title


Running CppCheck

This will check the sources in the project and report issues in the problems view.

Tips

In case a problem with too many configurations comes up:

;;information;toomanyconfigs;Too many #ifdef configurations - cppcheck only checks 12 configurations. Use --force to check all configurations. For more details, use --enable=information.

Image title


Cppcheck too many configurations

To avoid that problem, I can restrict the number of configurations, and I have __GNUC__ defined in the project properties:

Image title


Restricted Configuration

I recommend to have a read at the cppcheck manual, e.g. found at http://cppcheck.sourceforge.net/manual.html. It has a lot of advanced options, and ways how to suppress warnings/messages directly in the source code, etc.

Summary

It is always amazing what cool gems of open source tools are out there to be explored! Cpptest is a powerful free of charge static analysis tool which can be easily used with Eclipse, including Freescale’s Kinetis Design Studio. It might not catch every programming error, and a developer should have a bunch of tools in its hand. But every bug killed early is one bug less :-). I’m using PC-lint too (see “Eclipse and PC-lint: Linticator“), but having an open source tool in addition to PC-lint, free of charge, is even better.

Open source Eclipse

Opinions expressed by DZone contributors are their own.

Related

  • Making A Good Thing Even Better: Google Open Source WindowBuilder and CodePro Profiler
  • Making an IoT Developer’s Life Easier With Eclipse IoT Packages
  • Updating the Deprecated BIRT Custom Report Item "Rotated Text"
  • Is Java in Jeopardy?

Comments

Partner Resources

X

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 3343 Perimeter Hill Drive
  • Suite 100
  • Nashville, TN 37211
  • support@dzone.com

Let's be friends: