Over a million developers have joined DZone.

Open Source Static Code Analysis: Cppcheck with Eclipse

DZone's Guide to

Open Source Static Code Analysis: Cppcheck with Eclipse

· Agile Zone ·
Free Resource

You've been hearing a lot about agile software development, get started with the eBook: Agile Product Development from 321 Gang

I have a challenge for you: Can you spot the problem in the following source?

TMOUT1_CounterHandle TMOUT1_GetCounter(TMOUT1_CounterType nofTicks)
  TMOUT1_CounterHandle handle;

  handle = 0;
  if (nofTicks==0) {
    nofTicks = 1; /* wait at least for one tick, otherwise will timeout immediately */
  while (!TMOUT1_FreeCounters[handle] && handle<TMOUT1_NOF_COUNTERS) {
  if (handle<TMOUT1_NOF_COUNTERS) {
    TMOUT1_Counters[handle] = nofTicks;
  if (handle==TMOUT1_NOF_COUNTERS) {
    return TMOUT1_OUT_OF_HANDLE;
  return handle;

No? Well, I have not spotted the problem the first time neither. However, a reader of this blog did: he used a cool tool named ‘cppcheck': that tool reported the following:

 Image title

Array Index Handle is uses before limits check

How cool is that? Not so cool is my bad programming style here:-(. At least the fix was easy :-).

Cppcheck can find many coding errors, portability problems and many more. Cppcheck has found this real problem in the Freescale USB Stack for me:

Image title

Example issue found by Cpptest

So this is a bad and nasty bug: the function returns the address of a variable on the stack!!! On return from that function, that variable on the stack is gone and might cause the system to crash. Thank you for flagging this, Cppcheck!

Obviously, cppcheck has not been used by that developer writing that code, and I think they really should have. I have started using Cppcheck for my code base, and I’m amazed how many possible issues it is able to find!

So here is how you can install it and use it…

Cppcheck Installation

Cppcheck can be downloaded from http://cppcheck.sourceforge.net/:

Image title

Cppcheck web site

The SourceForge site with the download is here: https://sourceforge.net/projects/cppcheck/. Run the setup, and it will install Cppcheck.

Installation of Eclipse Plugins

What makes using Cppcheck really easy is the ‘Cppcheclipse’ plugin in Eclipse.The website for this plugin is here: https://code.google.com/a/eclipselabs.org/p/cppcheclipse. Follow the instructions on
or directly use the following Eclipse Update Site with Help > Install New Software:http://cppcheclipse.eclipselabs.org.codespot.com/svn/update/

In the Eclipse workspace settings (Window > Preferences), point to the Cppcheck binary:

Image title

Binary Path to Cppcheck

This panel also has global settings for all projects, or I can set project specific options.

Image title

Configuration of cppcheck messages

Using Cppcheck with Cppcheclipse

Running Cppcheck on the project is easy: simply use the context menu not the project:

Image title

Running CppCheck

This will check the sources in the project and report issues in the problems view.


In case a problem with too many configurations comes up:

;;information;toomanyconfigs;Too many #ifdef configurations - cppcheck only checks 12 configurations. Use --force to check all configurations. For more details, use --enable=information.

Image title

Cppcheck too many configurations

To avoid that problem, I can restrict the number of configurations, and I have __GNUC__ defined in the project properties:

Image title

Restricted Configuration

I recommend to have a read at the cppcheck manual, e.g. found at http://cppcheck.sourceforge.net/manual.html. It has a lot of advanced options, and ways how to suppress warnings/messages directly in the source code, etc.


It is always amazing what cool gems of open source tools are out there to be explored! Cpptest is a powerful free of charge static analysis tool which can be easily used with Eclipse, including Freescale’s Kinetis Design Studio. It might not catch every programming error, and a developer should have a bunch of tools in its hand. But every bug killed early is one bug less :-). I’m using PC-lint too (see “Eclipse and PC-lint: Linticator“), but having an open source tool in addition to PC-lint, free of charge, is even better.

Download the free agile tools checklist from 321 Gang. This guide will help you choose the right agile tools to position your team for success. 

agile ,eclipse ,code quality ,open source

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}