Using the static analysis tool Cppcheck on Windows

Cppcheck was introduced earlier at https://blog.csdn.net/fengbingchun/article/details/8887843. It was still at version 1.x at that time, and it has now reached version 2.x. Here is a summary.

Cppcheck is a static analysis tool for C/C++ code. The source is at https://github.com/danmar/cppcheck, the latest release version is 2.10, and the license is GPL-3.0. It can be installed on Windows, Linux, and Mac.

Cppcheck provides unique code analysis to detect bugs and focuses on detecting undefined behavior and dangerous coding constructs. Its goal is to detect only real bugs in the code and to generate as few false positives as possible. Cppcheck focuses on bugs rather than code style.

Static analysis is a very large field, and Cppcheck covers only part of it. No single tool can cover the entire field. Each tool has its own unique analysis, so using a set of tools is better than using one, and Cppcheck is a good addition to such a set.

The undefined behavior it detects includes:

(1). Dead pointers;

(2). Division by zero;

(3). Integer overflow;

(4). Invalid bit shift operations;

(5). Invalid conversions;

(6). Invalid usage of the STL;

(7). Memory management;

(8). Null pointer dereference;

(9). Out-of-bounds checking;

(10). Uninitialized variables;

(11). Writing to const data.

Installation: Download cppcheck-2.10-x64-Setup.msi from https://github.com/danmar/cppcheck/releases/tag/2.10, double-click it to install, and add the installation path (the directory that contains cppcheck.exe) to the system environment variables.

The resulting messages fall into these severities:

(1). error: undefined behavior or other errors when the code is executed, such as memory leaks;

(2). warning: there may be undefined behavior when the code is executed;

(3). style: style issues, such as unused functions, redundant code, constness, operator precedence, and possible mistakes;

(4). performance: runtime performance recommendations based on common knowledge;

(5). portability: portability warnings;

(6). information: configuration issues, not related to syntactic correctness.

Notes:

(1). Run cppcheck.exe --help to see which input parameters are supported;

(2). Syntax: cppcheck.exe [options] [files or paths]

(3). --file-filter=<str>: set a file filter and check only the files that match it; for example, --file-filter=*bar.cpp analyzes only the files whose names end with bar.cpp;

(4). --cppcheck-build-dir=<dir>: Cppcheck saves its analysis information in this folder; using it is recommended. Advantages: it speeds up the analysis and makes incremental analysis possible, and it also allows whole-program analysis when multiple threads are used;

(5). --enable=<id>: id can be all, warning, style, performance, portability, information, or missingInclude. all enables all checks; it is recommended to use all only when the entire program is scanned, because it enables unusedFunction. Multiple ids can be specified, separated by commas;

(6). --file-list=<file>: list the files to be checked in a text file;

(7). -I <dir>: give a path to search for include files; -I can be given multiple times;

(8). --include=<file>: force inclusion of a file before the checked file;

(9). --output-file=<file>: write the results to a file;

(10). -v or --verbose: output more detailed error messages.

Here, the code in Messy_Test/demo/Messy_Test on GitHub is used for testing, and the execution command is as follows:

This generates some files in the current results directory. Open result.txt there; its content is as follows, giving the reason for each problematic line of code:

 

      GitHub: https://github.com/fengbingchun/Messy_Test
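
As an added example (not from the original article or the Cppcheck project), the Python script below turns a report written with --output-file into a build gate based on the severities listed above. It assumes the scan was run with Cppcheck's `--template="{file}|{line}|{severity}|{id}|{message}"` option and that error and warning findings should fail the build; the function names `parse_report` and `gate` are hypothetical and the sample report is constructed.

```python
import sys
from collections import Counter

# Severities as listed in the article's message table.
SEVERITIES = {"error", "warning", "style", "performance",
              "portability", "information"}
BLOCKING = {"error", "warning"}  # assumed policy: these fail the build

# Constructed sample report; messages are illustrative, not real tool output.
SAMPLE = r"""
C:\proj\src\buf.cpp|12|error|arrayIndexOutOfBounds|Array index out of bounds
C:\proj\src\buf.cpp|30|warning|nullPointer|Possible null pointer dereference
C:\proj\src\util.cpp|7|style|unusedFunction|The function 'f|g' is never used
Checking C:\proj\src\util.cpp ...
"""


def parse_report(text):
    """Parse report lines into dicts, skipping anything that is not a finding."""
    findings = []
    for raw in text.splitlines():
        # '|' avoids clashing with the ':' in Windows drive letters, and
        # maxsplit=4 keeps any '|' inside the message intact.
        parts = raw.strip().split("|", 4)
        if len(parts) != 5:
            continue
        path, line, severity, check_id, message = parts
        if severity not in SEVERITIES or not line.isdigit():
            continue
        findings.append({"file": path, "line": int(line), "severity": severity,
                         "id": check_id, "message": message})
    return findings


def gate(findings, blocking=BLOCKING):
    """Return (count per severity, findings that should fail the build)."""
    counts = Counter(f["severity"] for f in findings)
    return counts, [f for f in findings if f["severity"] in blocking]


if __name__ == "__main__":
    # Pass the report path as argv[1]; falls back to the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    counts, blockers = gate(parse_report(text))
    print(dict(counts))
    for f in blockers:
        print(f"{f['file']}:{f['line']}: {f['severity']} [{f['id']}] {f['message']}")
    sys.exit(1 if blockers else 0)
```

The script exits with a non-zero status when blocking findings are present, so it can be called as a step after the Cppcheck run in a build script.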


Origin blog.csdn.net/fengbingchun/article/details/128994143