Over a million developers have joined DZone.

Open Source Static Code Analysis: Cppcheck with Eclipse

· Agile Zone

Learn more about how DevOps teams must adopt a more agile development process, working in parallel instead of waiting on other teams to finish their components or for resources to become available, brought to you in partnership with CA Technologies.

I have a challenge for you: Can you spot the problem in the following source?

TMOUT1_CounterHandle TMOUT1_GetCounter(TMOUT1_CounterType nofTicks)
  TMOUT1_CounterHandle handle;

  handle = 0;
  if (nofTicks==0) {
    nofTicks = 1; /* wait at least for one tick, otherwise will timeout immediately */
  while (!TMOUT1_FreeCounters[handle] && handle<TMOUT1_NOF_COUNTERS) {
  if (handle<TMOUT1_NOF_COUNTERS) {
    TMOUT1_Counters[handle] = nofTicks;
  if (handle==TMOUT1_NOF_COUNTERS) {
    return TMOUT1_OUT_OF_HANDLE;
  return handle;

No? Well, I have not spotted the problem the first time neither. However, a reader of this blog did: he used a cool tool named ‘cppcheck': that tool reported the following:

 Image title

Array Index Handle is uses before limits check

How cool is that? Not so cool is my bad programming style here:-(. At least the fix was easy :-).

Cppcheck can find many coding errors, portability problems and many more. Cppcheck has found this real problem in the Freescale USB Stack for me:

Image title

Example issue found by Cpptest

So this is a bad and nasty bug: the function returns the address of a variable on the stack!!! On return from that function, that variable on the stack is gone and might cause the system to crash. Thank you for flagging this, Cppcheck!

Obviously, cppcheck has not been used by that developer writing that code, and I think they really should have. I have started using Cppcheck for my code base, and I’m amazed how many possible issues it is able to find!

So here is how you can install it and use it…

Cppcheck Installation

Cppcheck can be downloaded from http://cppcheck.sourceforge.net/:

Image title

Cppcheck web site

The SourceForge site with the download is here: https://sourceforge.net/projects/cppcheck/. Run the setup, and it will install Cppcheck.

Installation of Eclipse Plugins

What makes using Cppcheck really easy is the ‘Cppcheclipse’ plugin in Eclipse.The website for this plugin is here: https://code.google.com/a/eclipselabs.org/p/cppcheclipse. Follow the instructions on
or directly use the following Eclipse Update Site with Help > Install New Software:http://cppcheclipse.eclipselabs.org.codespot.com/svn/update/

In the Eclipse workspace settings (Window > Preferences), point to the Cppcheck binary:

Image title

Binary Path to Cppcheck

This panel also has global settings for all projects, or I can set project specific options.

Image title

Configuration of cppcheck messages

Using Cppcheck with Cppcheclipse

Running Cppcheck on the project is easy: simply use the context menu not the project:

Image title

Running CppCheck

This will check the sources in the project and report issues in the problems view.


In case a problem with too many configurations comes up:

;;information;toomanyconfigs;Too many #ifdef configurations - cppcheck only checks 12 configurations. Use --force to check all configurations. For more details, use --enable=information.

Image title

Cppcheck too many configurations

To avoid that problem, I can restrict the number of configurations, and I have __GNUC__ defined in the project properties:

Image title

Restricted Configuration

I recommend to have a read at the cppcheck manual, e.g. found at http://cppcheck.sourceforge.net/manual.html. It has a lot of advanced options, and ways how to suppress warnings/messages directly in the source code, etc.


It is always amazing what cool gems of open source tools are out there to be explored! Cpptest is a powerful free of charge static analysis tool which can be easily used with Eclipse, including Freescale’s Kinetis Design Studio. It might not catch every programming error, and a developer should have a bunch of tools in its hand. But every bug killed early is one bug less :-). I’m using PC-lint too (see “Eclipse and PC-lint: Linticator“), but having an open source tool in addition to PC-lint, free of charge, is even better.

Discover the warning signs of DevOps Dysfunction and learn how to get back on the right track, brought to you in partnership with CA Technologies.

agile,eclipse,code quality,open source

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}