Static Code Analysis and Cppcheck

A brief introduction to Cppcheck, a static code analysis tool for C++ source code.



  1. Outline: Static Code Analysis; Survey of Tools; Cppcheck. (Section: Static Code Analysis)
  2. Goal: provide confidence that code is correct just by looking at it, without building or executing it. This helps find simple bugs buried in thousands of lines of code, which is not something people are good at spotting by eye.
  3-9. Three approaches to static analysis:
     Formal Methods: mathematical. They require a mathematical model of the program plus assertions about it, and often require modelling the system as a finite state machine and verifying each state and transition. Verdict: too difficult for everyday use, and static analysis is supposed to save time.
     Code Metrics: identify areas where bugs are likely, based on measures of code complexity rooted in graph theory (e.g. cyclomatic complexity). Verdict: good, but they do not directly identify defects.
     Reviews and Inspection: just look at the code and try to find suspicious patterns; basically what we do when performing code reviews. Verdict: works pretty well!
  10. Outline: Static Code Analysis; Survey of Tools; Cppcheck. (Section: Survey of Tools)
  11. Three popular commercial tools: PC-Lint, Klocwork Insight, Coverity Prevent. One free-software tool: Cppcheck.
  12. PC-Lint: commercial; works on C and C++ code; often reports many false positives; probably the cheapest after Cppcheck (which is free).
  13. Klocwork Insight: commercial; a spin-out of Nortel Networks; also includes project management and project visualization capabilities.
  14. Coverity Prevent: commercial; developed from research at Stanford University; identified over 6000 bugs across 53 open-source projects.
  15. Cppcheck: open source and free; under active development; has found more than 400 bugs in open-source projects.
  16. Outline: Static Code Analysis; Survey of Tools; Cppcheck. (Section: Cppcheck)
  17. Detects bugs in C and C++ source that compilers normally do not warn about. Cross-platform (Windows, Linux, etc.). Has a Qt-based GUI client as well as a command-line version. Usable via plugins from IDEs such as Eclipse and Code::Blocks (but not Visual Studio), and from the Hudson and Jenkins continuous-integration servers.
  18. Packages are maintained for FreeBSD, Debian and Ubuntu (sudo apt-get install cppcheck). Used to find bugs in many open-source projects: Linux kernel, more than 40 bugs found and fixed; VLC player, more than 20 bugs found and fixed; others include 7-zip, curl and git.
  19. What it detects: bounds checking for array overruns; memory and resource leaks; unused private class functions; use of deprecated functions; wrong number of arguments given to printf or scanf; switch cases that fall through suspiciously; dozens of others.
  20. (Code example shown as an image; only its annotations were transcribed.) Annotations: possible buffer overrun; memory leak on buf, which should be released with "delete[] buf"; resource leak on file.
  21. Cppcheck finds many of the issues with that code (but not all).
  22. (Cppcheck output shown as an image.) Reported: buffer overrun; suspicious format specifier for a pointer to a C string (not necessarily a bug).
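The slide's screenshot is not transcribed, so the following is an added example, written for this page rather than taken from the slides or from the Cppcheck project, that reproduces the three defect classes the annotations name in a deliberately buggy function, with a corrected version beside it. The function names, the sample file name and its contents are assumptions for the illustration. Running `cppcheck --enable=all` on a file containing the buggy function should report an array index out of bounds, a memory leak and a mismatched new[]/delete pair on buf, and a resource leak on the FILE* (the ids recent releases use for these are arrayIndexOutOfBounds, memleak, mismatchAllocDealloc and resourceLeak); the corrected function gives it nothing to report.

```cpp
#include <cstdio>
#include <cstring>
#include <memory>
#include <string>

// Constructed sample input so the example runs offline (assumed file name).
const char *const kSamplePath = "cppcheck_demo_sample.txt";

// Writes three lines, i.e. three '\n' characters, to kSamplePath.
bool writeSampleFile() {
    std::FILE *f = std::fopen(kSamplePath, "w");
    if (!f) return false;
    std::fputs("line one\nline two\nline three\n", f);
    return std::fclose(f) == 0;
}

// DELIBERATELY BUGGY and never called: the three defect classes from slide 20,
// which "cppcheck --enable=all" is designed to report.
int countNewlinesBuggy(const char *path) {
    char tag[8];
    for (int i = 0; i <= 8; ++i)                 // (1) off-by-one: writes tag[8], one past the end
        tag[i] = '\0';
    std::strncat(tag, path, 7);                  // short label for error messages
    char *buf = new char[1024];
    std::FILE *file = std::fopen(path, "r");
    if (!file) {
        std::fprintf(stderr, "cannot open %s\n", tag);
        return -1;                               // (2) buf is never freed on this path
    }
    int n = 0;
    size_t got = std::fread(buf, 1, 1024, file);
    for (size_t i = 0; i < got; ++i)
        if (buf[i] == '\n') ++n;
    delete buf;                                  // (2) wrong form: new[] needs delete[] buf
    return n;                                    // (3) file is never fclose()d: resource leak
}

// Corrected: bounded writes, and RAII for both the buffer and the FILE*, so
// every return path releases exactly what it acquired.
int countNewlinesFixed(const char *path) {
    char tag[8] = {0};                           // (1) zero-initialized, no index 8
    std::strncat(tag, path, sizeof tag - 1);     // at most 7 characters plus the NUL
    std::unique_ptr<std::FILE, int (*)(std::FILE *)> file(std::fopen(path, "r"), &std::fclose);
    if (!file) {
        std::fprintf(stderr, "cannot open %s\n", tag);
        return -1;                               // nothing allocated yet, nothing to leak
    }
    std::string buf(1024, '\0');                 // (2) released by its destructor
    int n = 0;
    size_t got = std::fread(&buf[0], 1, buf.size(), file.get());
    for (size_t i = 0; i < got; ++i)
        if (buf[i] == '\n') ++n;
    return n;                                    // (3) unique_ptr calls fclose here
}

int main() {
    if (!writeSampleFile()) return 1;
    std::printf("newlines: %d\n", countNewlinesFixed(kSamplePath));
    return 0;
}
```

The buggy function is kept only for comparison; the point of the corrected one is that ownership of the buffer and the file handle is tied to scope, so the early-return path that leaked in the original cannot leak here, and the array write is bounded by the array's own size rather than a repeated literal.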
  23. Recap of what it detects: bounds checking for array overruns; unused private class functions; use of deprecated functions; memory and resource leaks; dozens of others.
  24. Pipeline: Source File → Preprocessor → Tokenizer → Simplifier → Checks → Results → Happy Developer.
  25-26. Tokenizer and Simplifier example. Input source:
         void foo(char* str){ if (str == 0) printf(str); else printf("Whoa");}
     Token stream after tokenizing and simplifying:
         void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }
     Indentation, spacing, NULL checks and braces are normalized so that each check only has to match one canonical form.
  27. Checks: each check iterates over the token stream and reports when it finds a suspicious pattern. Checks are implemented either as C++ code inside Cppcheck or as XML rule files that describe the token pattern to look for. Results are categorized as error, warning, style, performance, portability, or information.
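As an added example, not Cppcheck's own code, the following C++ shows the tokenize, simplify and pattern-match design of slides 24-27 in miniature: a tokenizer that produces the slide-25 style token stream, a simplifier that rewrites `X == 0` into `! X`, and two checks that walk the tokens. The first check flags the bug in the slide's own input (a pointer passed to a function right after it tested NULL) and the second flags `printf` called with a non-literal format string, the classic format-string weakness on that same line. The function names, the finding ids and the constructed input are assumptions; brace insertion, the other normalization slide 26 mentions, is omitted.

```cpp
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

struct Finding {
    std::string id;    // toy category name, in the spirit of Cppcheck's ids (not its real ids)
    std::string msg;
};

// Tokenizer: identifiers/numbers, string literals kept whole, the two-character
// operators == and !=, and single punctuation characters. Whitespace vanishes.
std::vector<std::string> tokenize(const std::string &src) {
    std::vector<std::string> out;
    size_t i = 0, n = src.size();
    while (i < n) {
        unsigned char c = src[i];
        if (std::isspace(c)) { ++i; continue; }
        if (std::isalnum(c) || c == '_') {
            size_t j = i;
            while (j < n && (std::isalnum((unsigned char)src[j]) || src[j] == '_')) ++j;
            out.push_back(src.substr(i, j - i));
            i = j;
        } else if (c == '"') {
            size_t j = i + 1;
            while (j < n && src[j] != '"') j += (src[j] == '\\') ? 2 : 1;   // skip escapes
            out.push_back(src.substr(i, j < n ? j - i + 1 : n - i));
            i = j + 1;
        } else if ((c == '=' || c == '!') && i + 1 < n && src[i + 1] == '=') {
            out.push_back(src.substr(i, 2));
            i += 2;
        } else {
            out.push_back(std::string(1, (char)c));
            ++i;
        }
    }
    return out;
}

// Simplifier: "X == 0" / "X == NULL" becomes "! X" and "X != 0" becomes "X",
// so every check sees one spelling of a NULL test (slide 26).
std::vector<std::string> simplify(const std::vector<std::string> &t) {
    std::vector<std::string> out;
    for (size_t i = 0; i < t.size(); ++i) {
        bool isNull = i + 2 < t.size() && (t[i + 2] == "0" || t[i + 2] == "NULL");
        if (isNull && t[i + 1] == "==") { out.push_back("!"); out.push_back(t[i]); i += 2; }
        else if (isNull && t[i + 1] == "!=") { out.push_back(t[i]); i += 2; }
        else out.push_back(t[i]);
    }
    return out;
}

// Renders the stream with one space between tokens, as the slides print it.
std::string joinTokens(const std::vector<std::string> &t) {
    std::string s;
    for (size_t i = 0; i < t.size(); ++i) s += (i ? " " : "") + t[i];
    return s;
}

// Check 1: "if ( ! X )" whose body then passes X as a call argument, as in the
// slide's "if (str == 0) printf(str)". The body runs to the first ';' for an
// unbraced if, or to the matching '}' for a braced one.
static void checkNullDeref(const std::vector<std::string> &t, std::vector<Finding> &out) {
    for (size_t i = 0; i + 4 < t.size(); ++i) {
        if (t[i] != "if" || t[i + 1] != "(" || t[i + 2] != "!" || t[i + 4] != ")") continue;
        const std::string &x = t[i + 3];
        int depth = 0;
        for (size_t j = i + 5; j < t.size(); ++j) {
            if (t[j] == "{") ++depth;
            else if (t[j] == "}") { if (--depth <= 0) break; }
            else if (t[j] == ";" && depth == 0) break;
            else if (t[j] == x && (t[j - 1] == "(" || t[j - 1] == ",")) {
                out.push_back({"nullPointerDeref", "'" + x + "' is passed to a call right after it tested NULL"});
                break;
            }
        }
    }
}

// Check 2: printf whose format argument is not a string literal.
static void checkFormatString(const std::vector<std::string> &t, std::vector<Finding> &out) {
    for (size_t i = 0; i + 2 < t.size(); ++i)
        if (t[i] == "printf" && t[i + 1] == "(" && t[i + 2][0] != '"')
            out.push_back({"nonLiteralFormat", "format argument of printf is '" + t[i + 2] + "', not a literal"});
}

// Pipeline: tokenize -> simplify -> run every check -> collect results.
std::vector<Finding> analyze(const std::string &src) {
    std::vector<std::string> tokens = simplify(tokenize(src));
    std::vector<Finding> findings;
    checkNullDeref(tokens, findings);
    checkFormatString(tokens, findings);
    return findings;
}

// Constructed input: the function from slide 25.
const char *const kSlideSource =
    "void foo(char* str){ if (str == 0) printf(str); else printf(\"Whoa\");}";

int main() {
    std::printf("%s\n", joinTokens(simplify(tokenize(kSlideSource))).c_str());
    for (const Finding &f : analyze(kSlideSource))
        std::printf("[%s] %s\n", f.id.c_str(), f.msg.c_str());
    return 0;
}
```

Both checks are pure token-pattern matchers with no symbol table or data-flow information, which is also why they are heuristics: the first would miss a pointer dereferenced through an expression rather than as a bare argument, and the second cannot tell a `const char *` that always holds a literal from attacker-controlled data. That gap between cheap pattern matching and real semantic analysis is exactly what the slide's "finds many of the issues (but not all)" is about.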
  28. Summary: Cppcheck is a free tool for finding bugs in C and C++ source code. It works by parsing the source, splitting it into tokens, and looking for suspicious patterns in the token stream.
  29. Official project page: http://cppcheck.sourceforge.net/ Official source repository: https://github.com/danmar/cppcheck
