Introduction

Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis that detects undefined behavior and dangerous coding constructs. It is not designed to detect syntax errors.

The goal is to have very few false positives (false warnings), so its output is less noisy. That makes it a bad choice if you want to detect ALL bugs.

Features

Unique analysis

Other analyzers use path-sensitive analysis. For example, they report the out-of-bounds write here, where the enclosing condition fixes x at 1000:

void foo(int x)
{
    int buf[10];
    if (x == 1000)
        buf[x] = 0; // <- ERROR
}

Cppcheck uses unsound flow-sensitive analysis (as static analysis, it is performed without compiling or executing the program). For example, it reports the write here even though the comparison with 1000 comes after it:

void foo(int x)
{
    int buf[10];
    buf[x] = 0; // <- ERROR
    if (x == 1000) {}
}
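
The difference between the two snippets can be modelled in a few lines. This Python sketch is an added example, not Cppcheck's code or its algorithm: it is a simplified toy model, and the statement tuples, `check` and `compared_values` are hypothetical names. With `bidirectional=False` only values fixed by an enclosing condition are used; with `bidirectional=True` a comparison anywhere in the function is taken as a hint that the variable may hold that value.

```python
# Toy model (constructed for illustration): a function body is a list of
# statements, either ("if_eq", var, const, body) or ("write", array, index_var).
ARRAY_SIZES = {"buf": 10}  # int buf[10];

# First snippet on the page: the write is guarded by the comparison.
GUARDED = [("if_eq", "x", 1000, [("write", "buf", "x")])]
# Second snippet: the write comes first, the comparison follows with an empty body.
UNGUARDED = [("write", "buf", "x"), ("if_eq", "x", 1000, [])]


def compared_values(stmts, found=None):
    """Collect every constant each variable is compared against, anywhere."""
    found = {} if found is None else found
    for stmt in stmts:
        if stmt[0] == "if_eq":
            _, var, const, body = stmt
            found.setdefault(var, set()).add(const)
            compared_values(body, found)
    return found


def check(stmts, bidirectional, known=None, hints=None):
    """Return a list of (array, index_var, value) out-of-bounds findings.

    known: values fixed by enclosing conditions (forward reasoning).
    hints: values implied by comparisons elsewhere in the function,
           collected only when bidirectional is True.
    """
    known = known or {}
    if hints is None:
        hints = compared_values(stmts) if bidirectional else {}
    findings = []
    for stmt in stmts:
        if stmt[0] == "if_eq":
            _, var, const, body = stmt
            findings += check(body, bidirectional, {**known, var: const}, hints)
        elif stmt[0] == "write":
            _, array, idx = stmt
            # Inside a branch the value is exact; otherwise fall back to hints.
            candidates = {known[idx]} if idx in known else hints.get(idx, set())
            for value in sorted(candidates):
                if not 0 <= value < ARRAY_SIZES[array]:
                    findings.append((array, idx, value))
    return findings
```

The model treats every later comparison as a possible value, so it can flag code where the value never occurs at run time; it is a deliberately crude stand-in for the kind of unsound reasoning described above.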

Undefined behavior