cppcheck | static analysis of C/C++ code | Code Analyzer library

 by   danmar C++ Version: 2.10 License: GPL-3.0

kandi X-RAY | cppcheck Summary

kandi X-RAY | cppcheck Summary

cppcheck is a C++ library typically used in Code Quality, Code Analyzer applications. cppcheck has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.

The original name of this program was "C++check", but it was later changed to "Cppcheck". Despite the name, Cppcheck is designed for both C and C++.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              cppcheck has a medium active ecosystem.
              It has 4824 star(s) with 1352 fork(s). There are 213 watchers for this library.
              There were 1 major release(s) in the last 12 months.
              cppcheck has no issues reported. There are 87 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of cppcheck is 2.10

            kandi-Quality Quality

              cppcheck has 0 bugs and 0 code smells.

            kandi-Security Security

              cppcheck has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              cppcheck code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            kandi-License License

              cppcheck is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            kandi-Reuse Reuse

              cppcheck releases are available to install and integrate.
              Installation instructions are not available. Examples and code snippets are available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of cppcheck
            Get all kandi verified functions for this library.

            cppcheck Key Features

            No Key Features are available at this moment for cppcheck.

            cppcheck Examples and Code Snippets

            No Code Snippets are available at this moment for cppcheck.

            Community Discussions

            QUESTION

            cppcheck: error: unrecognized command line option: "--file-filter
            Asked 2022-Feb-11 at 13:35

            I am developing C code on Ubuntu 20.04.

            By running cppcheck -q --project=build/proj1/compile_commands.json --file-filter='src/base/Myfile.c'

            I got the error

            ...

            ANSWER

            Answered 2022-Feb-11 at 13:35

            It looks like the version of cppcheck included in Ubuntu 20.04 is not the latest:

            Source https://stackoverflow.com/questions/71080192

            QUESTION

            Cppcheclipse seems to have disappeared
            Asked 2022-Feb-11 at 12:57

            I used to work with cppcheck for a long time and for use within eclipse I made use of the plugin cppcheclipse. Now I am setting up a new development PC and thus am trying to find the way to install it. Obviously the old update site dl.bintray.com disappeared and I did not yet find a new way to get it. The same error comes up when I work with the marketplace. Does anyone by chance know where to get it nowadays?

            Thanks in advance! Regards, Christoph

            ...

            ANSWER

            Answered 2022-Feb-11 at 12:57

            You can find an answer here: https://github.com/kwin/cppcheclipse/issues/108

            and the following download link here.

            So work-around to install the plugin:

            Source https://stackoverflow.com/questions/69372245

            QUESTION

            Why does CppCheck flag static constexpr members as unusedStructMember, when it is used later in the struct definition
            Asked 2022-Jan-11 at 10:27

            CppCheck is flagging the definition of BufLen as an unusedStructMember, even though it is used on the next line to define the length of the array.

            (style) struct member 'TxDetails_t::BufLen' is never used. [unusedStructMember]

            ...

            ANSWER

            Answered 2022-Jan-11 at 10:27

            This is indeed a false positive and it is fixed in the upcoming Cppcheck 2.7. I can reproduce it with 2.6 but not with the latest head.

            Looking at the list of fixed issues it appears you encountered https://trac.cppcheck.net/ticket/10485.

            Source https://stackoverflow.com/questions/70654064

            QUESTION

            Cppcheck ignores -i and checks all files after clean build
            Asked 2021-Oct-30 at 11:31

            My project has pretty complex structure. It looks something like this:

            ...

            ANSWER

            Answered 2021-Oct-30 at 11:31

            The problem was that .h files where still checked, despite -i flag. Solution:

            Source https://stackoverflow.com/questions/69774751

            QUESTION

            How to install an .msi program in Azure Pipeline (Windows)
            Asked 2021-Oct-29 at 17:00

            My objective is to install CppCheck in a Microsoft-Hosted image in Azure Pipelines. I already did this for an Ubuntu image, but CppCheck for Ubuntu is outdated. My pipeline:

            ...

            ANSWER

            Answered 2021-Oct-27 at 08:48

            How to install an .msi program in Azure Pipeline (Windows)

            You could use the Powershell task to install the .msi file:

            Source https://stackoverflow.com/questions/69709427

            QUESTION

            Segmentation Fault before even the first line of `main()` is executed and there are no non-local variables
            Asked 2021-Oct-03 at 22:03

            In the C++ code below, a segmentation fault occurs before the first line of main() is executed.
            This happens even though there are no objects to be constructed before entering main() and it does not happen if I remove a (large) variable definition at the second line of main().

            I assume the segmentation fault occurs because of the size of the variable being defined. My question is why does this occur before the prior line is executed?

            It would seem this shouldn't be occurring due to instruction reordering by the optimizer. I say this based on the compilation options selected and based on debug output.
            Is the size of the (array) variable being defined blowing the stack / causing the segfault?
            It would seem so since using a smaller array (e.g. 15 elements) does not result in a segmentation fault and since the expected output to stdout is seen.

            ...

            ANSWER

            Answered 2021-Oct-03 at 22:03

            This is definitely a stack overflow. sizeof(dynamic_loop_functor_t) is nearly 64 MiB, and the default stack size limit on most Linux distributions is only 8 MiB. So the crash is not surprising.

            The remaining question is, why does the debugger identify the crash as coming from inside std::operator<<? The actual segfault results from the CPU exception raised by the first instruction to access to an address beyond the stack limit. The debugger only gets the address of the faulting instruction, and has to use the debug information provided by the compiler to associate this with a particular line of source code.

            The results of this process are not always intuitive. There is not always a clear correspondence between instructions and source lines, especially when the optimizer may reorder instructions or combine code coming from different lines. Also, there are many cases where a bug or problem with one source line can cause a fault in another section of code that is otherwise innocent. So the source line shown by the debugger should always be taken with a grain of salt.

            In this case, what happened is as follows.

            • The compiler determines the total amount of stack space to be needed by all local variables, and allocates it by subtracting this number from the stack pointer at the very beginning of the function, in the prologue. This is more efficient than doing a separate allocation for each local variable at the point of its declaration. (Note that constructors, if any, are not called until the point in the code where the variable's declaration actually appears.)

              The prologue code is typically not associated with any particular line of source code, or maybe with the line containing the function's opening {. But in any case, subtracting from the stack pointer is a pure register operation; it does not access memory and therefore cannot cause a segfault by itself. Nonetheless, the stack pointer is now pointing outside the area mapped for the stack, so the next attempt to access memory near the stack pointer will segfault.

            • The next few instructions of main execute the cout << "Starting main". This is conceptually a call to the overloaded operator<< from the standard library; but in GCC's libstdc++, the operator<< is a very short function that simply calls an internal helper function named __ostream_insert. Since it is so short, the compiler decides to inline operator<< into main, and so main actually contains a call to __ostream_insert. This is the instruction that faults: the x86 call instruction pushes a return address to the stack, and the stack pointer, as noted, is out of bounds.

              Now the instructions that set up arguments and call __ostream_insert are marked by the debug info as corresponding to the source of operator<<, in the header file - even though those instructions have been inlined into main. Hence your debugger shows the crash as having occurred "inside" operator<<.

              Had the compiler not inlined operator<< (e.g. if you compile without optimization), then main would have contained an actual call to operator<<, and this call is what would have crashed. In that case the traceback would have pointed to the cout << "Starting main" line in main itself - misleading in a different way.

            Note that you can have GCC warn you about functions that use a large amount of stack with the options -Wstack-usage=NNN or -Wframe-larger-than=NNN. These are not enabled by -Wall, but could be useful to add to your build, especially if you expect to use large local objects. Specifying either of them, with a reasonable number for NNN (say 4000000), I get a warning on your main function.

            Source https://stackoverflow.com/questions/69427505

            QUESTION

            How do I add a compiled application to the gitignore file?
            Asked 2021-Sep-12 at 21:58

            I'm trying to upload my copy of Godot to my own github and it complains:

            ...

            ANSWER

            Answered 2021-Sep-12 at 21:58

            The pattern /Godot.app should match your file just fine. However, if the file is already added to the repository, then .gitignore has no effect on it. The .gitignore file affects only files which are untracked.

            In your case, your file is in the history, and it needs to be removed from the entire history if you want to upload it to GitHub. You can do a git rebase -i to go back in history to the point at which it was added and remove it from history, or, if it was added in the most recent commit, you can remove it with git rm -r Godot.app and then run git commit --amend.

            You could also use git filter-branch or git filter-repo to filter it out from the history.

            Source https://stackoverflow.com/questions/69155040

            QUESTION

            cppcheck warning: access of forwarded variable
            Asked 2021-Aug-25 at 13:39

            On the following code

            ...

            ANSWER

            Answered 2021-Aug-25 at 13:39

            QUESTION

            Cmake cant find the required Packages for me
            Asked 2021-Aug-11 at 13:42

            So My Workspace Screenshot After Trying a while i cant Get Cmake To find the required packages even after i did everything as shown in vcpkg

            ...

            ANSWER

            Answered 2021-Aug-11 at 13:42

            You can't set CMAKE_TOOLCHAIN_FILE after the call to project(). That's the command responsible for loading the toolchain file in the first place. Move it before the call to project() or better yet: set it at the command line or in a preset.

            Also, unless you're actually using CMake 3.0.0, you shouldn't set it as a minimum. CMake is not forwards compatible, so without actually testing it on the minimum version, you have no way of knowing whether it will work that far back.

            Source https://stackoverflow.com/questions/68741277

            QUESTION

            How to make cppcheck 2.5 show error on calls to a virtual function in constructor. Older version shows this error
            Asked 2021-Jul-07 at 14:02

            In the list of cppcheck rules there is

            I've written a call to a virtual functions in several classes in my solution and run cppcheck o them, but it didn't show this error.

            I've used GUI and also run cppcheck from command line with --enable=style and --enable=all

            How can I make cppcheck to show this issue? I'm using latest cppcheck

            Another dummy code I've run cppcheck on

            ...

            ANSWER

            Answered 2021-Jul-07 at 14:02

            I found this comment https://sourceforge.net/p/cppcheck/discussion/general/thread/b18f7aaf/#d726

            It will be fixed in the next release. For now I have disabled the check. But it can be enabled again if we write such warnings properly. The checker must ensure that the class is a base class!

            The post relates to 1.84

            Looking at the code it is still disabled: https://github.com/danmar/cppcheck/blob/6397e29f84de53655904326ef1ca892a509275c5/lib/checkclass.h

            Source https://stackoverflow.com/questions/68275106

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install cppcheck

            You can download it from GitHub.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries

            Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Explore Related Topics

            Consider Popular Code Analyzer Libraries

            javascript

            by airbnb

            standard

            by standard

            eslint

            by eslint

            tools

            by rome

            mypy

            by python

            Try Top Libraries by danmar

            simplecpp

            by danmarC

            gcc-plugins

            by danmarC

            cppcheck-htdocs

            by danmarPHP

            checkheaders

            by danmarC++

            elinux

            by danmarJava