About Me

My photo
I'm a colonist who has declared war on machines and intend to conquer them some day. You'll often find me deep in the trenches fighting off bugs and ugly defects in code. When I'm not tappity-tapping at my WMD (also, known as keyboard), you'll find me chatting with friends, reading comics or playing a PC game.

Monday, July 6, 2009

Cppcheck - An open source C++ static analysis tool

How would you identify potential flaws in your code? Conducting a code review would make sure that:
1. Possible errors/exceptions are dealt with.
2. Proper design patterns and good coding idioms have been used.
3. Common logical errors are eliminated and more...

However if bugs were introduced by a human in the first place, then those self-same bugs could be missed during a code review. Human program-comprehension is not very reliable.

Now, what if there were a tool to conduct the code review? That's what Static Code Analysis is for. It involves the analysis of program code without actually executing it. Of course, unlike a human, a tool that automates the process of static analysis can't really consider design issues on a large scale. It can offer advice about certain basic design patterns and good programming practices but it can't go beyond that and look at the big picture.

There are plenty of great static analysis tools around. You can get a complete list here. If you're a C/C++ programmer, you might want to try out Cppcheck. Its been GPL licensed and has a QT application front end for those who don't want to get their hands dirty with the command line. :)

Wiki entry on Cppcheck
SourceForge Project site of CppCheck


Mark Dalgarno said...

There's an emerging class of static analysis tools that can detect architectural problems such as architecture violations [1], code clones, cyclic dependencies, dead code etc. I think that these architecture analysis tools are quite distinct from the lower-level tools you're referring to.

Axivion Bauhaus Suite [2] is one of the tools in this area and supports c, c++, java and c#.

[1] Architecture violation checking works in these tools by letting the architect/designer specify rules that developers must follow e.g. to enforce strict layering for example.

[2] Disclaimer - we sell Bauhaus in the UK & Ireland so we're a bit biased :-)

Angelo said...

I agree. Static analysis tools are getting more and more sophisticated. The tool that you mentioned seems pretty powerful and feature-rich. Thanks for pointing it out. :)

alvina said...

Completely agree. open source static code analysis tools is very powerful and useful tool for developers. Thanks for sharing nice info.