Cppcheck Usage in Ubuntu

Cppcheck is a static analysis tool for C and C++ code. A static analyser detects potential problems in your code before it ever runs. As embedded engineers, we have a strong obligation to deliver high-quality code. Besides resolving the compiler's standard warnings, we should also scan our code with a static analysis tool whenever possible, whether it is provided by the SDK vendor or is an open-source tool like cppcheck. Its overall goal is to catch the following:

  • Undefined behavior
  • Using dangerous code patterns  
  • Coding style

It can be used to identify issues in your code, such as potential bugs, style issues, and performance problems. This can help you write more robust and efficient code. It is an open-source tool, which means that anyone can use it and contribute to its development. Some of the key features of cppcheck include the ability to detect a wide range of issues in your code, the ability to run on multiple platforms, and support for various code standards and coding styles.

Installation Steps


To install cppcheck on Ubuntu, you can use the following steps:


  1. Open a terminal window.

  2. Update the package manager index by running the following command:

sudo apt update

  3. Install cppcheck by running the following command:

sudo apt install cppcheck

Once the installation is complete, you can verify that cppcheck is installed correctly by running the following command:

cppcheck --version

To use cppcheck on a codebase, you first need to install the tool on your computer. The installation process varies depending on your operating system, so you should refer to the cppcheck documentation for detailed instructions. Once cppcheck is installed, you can run it on your code by using the following command:

cppcheck [options] [file or directory]

For example, if you want to run cppcheck on a file called main.cpp, you can use the following command:

cppcheck main.cpp

You can also use cppcheck to analyze an entire directory of code by specifying the directory path instead of a file name. For example:

cppcheck /path/to/my/code

There are many options available for cppcheck, which allow you to customize its behavior. For example, you can use the --enable option to enable specific checks, or the --suppress option to ignore certain warnings. You can see a complete list of available options by running the following command:

cppcheck --help

Once cppcheck has finished running, it will display a list of any issues it found in your code. You can then review these issues and take appropriate action to fix them.


Demonstration on Actual Code

To demonstrate the usage of cppcheck, I will use a simple C++ program that contains a static rule violation. Here is the code:

#include <iostream>

int main()
{
    char a[10];

    // Deliberate bug: valid indices are 0..9, so this writes one element past the end.
    a[10] = 0;

    return 0;
}


Now let's compile the code with the standard g++ compiler first, then run the cppcheck analyzer on it and see how the output differs.

You can see the difference. Even with all warnings enabled, the standard compiler was unable to find the arrayIndexOutOfBounds issue, whereas cppcheck shined in this case.


By running cppcheck, we have identified a potential issue in our code that we can fix.

This was a very simple example, but you can consider using cppcheck for larger projects as well. It can be a great tool for analysing a legacy codebase and finding its potential bugs.
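For a larger project, one way to make these findings count is to fail the build step whenever cppcheck reports an error. The script below is an added example, not code from the original post: the function names write_sample and cppcheck_gate and the file name demo.cpp are assumptions. It reuses the sample program above together with cppcheck's --error-exitcode, --enable and --suppress options.

```bash
#!/usr/bin/env bash
# Added example: fail a build step when cppcheck reports an error.
# write_sample, cppcheck_gate and demo.cpp are hypothetical names.

# Write the article's sample program; the out-of-bounds write is deliberate.
write_sample() {
    cat > "$1" <<'EOF'
#include <iostream>

int main()
{
    char a[10];
    a[10] = 0;   // valid indices are 0..9
    return 0;
}
EOF
}

# Usage: cppcheck_gate <file-or-dir> [extra cppcheck options]
# Returns 0 = no findings, 1 = findings reported, 127 = cppcheck missing.
cppcheck_gate() {
    _target=$1
    shift
    if ! command -v cppcheck >/dev/null 2>&1; then
        echo "cppcheck is not installed" >&2
        return 127
    fi
    # --error-exitcode makes findings visible to CI as a non-zero status;
    # without it cppcheck exits 0 even when it reports problems.
    cppcheck --quiet --error-exitcode=1 \
        --template='{file}:{line}: {severity} [{id}] {message}' \
        "$@" "$_target"
}

# Demo, run only as: ./cppcheck_gate.sh demo
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample "$tmp/demo.cpp"
    cppcheck_gate "$tmp/demo.cpp"
    echo "default checks -> exit $?"
    # Extra checks from the article's --enable option.
    cppcheck_gate "$tmp/demo.cpp" --enable=warning,style
    echo "with --enable  -> exit $?"
    # --suppress silences the finding; the bug is still in the code.
    cppcheck_gate "$tmp/demo.cpp" --suppress=arrayIndexOutOfBounds
    echo "suppressed     -> exit $?"
    rm -rf "$tmp"
fi
```

A suppression only hides the report, so keep each one as narrow as possible and review it like any other code change.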

The full cppcheck manual can be found at the link below as well.






Copyrighted by Hassin. Powered by Blogger.