cppcheck

Rulesets for cppcheck

社会主义新天地 posted on 2019-12-03 06:30:56
Question: Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed. Is anyone working on a set that would enforce JSF or MISRA rules? Answer 1: You won't be able to implement all MISRA/JSF rules and directives as cppcheck rules, mostly only the straightforward ones restricting certain C language features and constructions or that are style-related (some that come to mind: spaces before/after ./->, # of arguments on a single line, use of unions to

Rulesets for cppcheck

末鹿安然 posted on 2019-12-02 20:11:04
Cppcheck allows you to create your own rules files, but I don't know how much of cppcheck's functionality is exposed. Is anyone working on a set that would enforce JSF or MISRA rules? johnwait You won't be able to implement all MISRA/JSF rules and directives as cppcheck rules, mostly only the straightforward ones restricting certain C language features and constructions or that are style-related (some that come to mind: spaces before/after ./->, # of arguments on a single line, use of unions to provide different methods of accessing memory, presence of unsigned/signed before char, etc). User

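A Survey of C/C++ Static Code Analysis Tools

那年仲夏 posted on 2019-12-02 03:54:42
A Survey of C/C++ Static Code Analysis Tools. Excerpted from: https://www.jianshu.com/p/92886d979401 Overview: Static analysis is the process of analyzing and evaluating code without executing it, and it is an important part of assuring software quality and software security. Using techniques such as lexical analysis, semantic analysis, control-flow analysis and data-flow analysis, it parses the code line by line to expose problems, helping us nip in the bud many thorny issues that would otherwise only surface at run time. Typical problem examples: Static code analysis can identify many types of vulnerabilities or defects, from warning-level "unused variable" findings to error-level bugs of all kinds. Listed here are several common, fairly serious problems that can be detected statically. ■ Buffer overflow: A buffer overflow means storing more data in a buffer than its space can hold, so that the excess data overwrites legitimate data in other regions, much like pouring too much water into a container so that it overflows and runs where it should not, with unpredictable consequences. According to practical statistics, buffer overflow is the most widespread vulnerability in software, especially in languages such as C/C++ that provide no out-of-bounds memory checking. Buffer overflows typically occur in the following situations: String copying, when the destination buffer is shorter than the source string (such functions include strcpy, _mbscpy, strcat, wcscat, memcpy, strncpy, _mbsncpy, strncat, wcsncat, etc.). // No length check is performed on s before the string copy; if it exceeds 10, a buffer overflow results. void func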

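[Code Quality] An In-Depth Comparison of Mainstream C++ Code Quality Scanning Tools

时光总嘲笑我的痴心妄想 posted on 2019-11-30 20:29:39
This article is provided by the Tencent WeTest team; reproduction without authorization is strictly prohibited! For more information, follow the link: http://wetest.qq.com/lab/ WeChat ID: TencentWeTest. By 张蓓. Introduction: Static code analysis means scanning program code, without running the code under test, using techniques such as lexical analysis, syntax analysis, control-flow analysis and data-flow analysis, to find hidden errors and defects in the code, such as mismatched parameters, ambiguous nested statements, incorrect recursion, illegal computations, possible null pointer dereferences, and so on. Statistics show that across the whole software development life cycle, 30% to 70% of code logic design and coding defects can be found and fixed through static code analysis. In C++ project development, because C++ is a compiled language with demanding language rules, development teams often spend a great deal of time and effort finding and fixing code defects. C++ static code analysis tools can therefore help developers locate code defects quickly and effectively and correct them promptly, greatly improving software reliability and saving development cost. Advantages of static code analysis tools: 1. They perform static code analysis automatically and quickly locate hidden errors and defects in code. 2. They help code designers focus more on analyzing and resolving code design defects. 3. They reduce the time spent on manual code inspection, improving software reliability and saving development cost. 2. Overview of mainstream industry static code scanning tools: There are many C++ static code analysis tools on the market today, each with its own strengths. This article introduces the tscancode tool developed in-house by the TSC team and four current mainstream C++ static code analysis tools (cppcheck, coverity, clang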

How to use cppcheck's inline suppression filter option for C++ code?

♀尐吖头ヾ posted on 2019-11-30 08:06:45
I would like to use Cppcheck for static code analysis of my C++ code. I learned that I can suppress some kind of warnings with --inline-suppr command. However, I can't find what "suppressed_error_id" I should put in the comment: // cppcheck-suppress "suppressed_error_id" According to the cppcheck help: The error id is the id that you want to suppress. The easiest way to get it is to use the --xml command line flag. Copy and paste the id string from the xml output. So run cppcheck against some code that contains the error with the --xml flag, and then look in the generated XML file to find its

Dynamic arrays: using realloc() without memory leaks

独自空忆成欢 posted on 2019-11-29 11:04:47
I use realloc to resize the memory allocated: char **get_channel_name(void) { char **result; int n; result = (char **) 0; for (elem = snd_mixer_first_elem(handle), n = 0; elem; elem = snd_mixer_elem_next(elem)) { if (!snd_mixer_selem_is_active(elem)) continue; if (snd_mixer_selem_has_playback_volume(elem) && snd_mixer_selem_has_playback_switch(elem) && snd_mixer_selem_has_capture_switch(elem)) { if (result == (char **) 0) result = (char **) malloc(sizeof(char *)); else result = (char **) realloc(result, sizeof(char *) * (n + 1)); /* nulled but not freed upon failure */ result[n++] = strdup(snd

How to use cppcheck's inline suppression filter option for C++ code?

不想你离开。 posted on 2019-11-29 11:02:20
Question: I would like to use Cppcheck for static code analysis of my C++ code. I learned that I can suppress some kind of warnings with --inline-suppr command. However, I can't find what "suppressed_error_id" I should put in the comment: // cppcheck-suppress "suppressed_error_id" Answer 1: According to the cppcheck help: The error id is the id that you want to suppress. The easiest way to get it is to use the --xml command line flag. Copy and paste the id string from the xml output. So run cppcheck against

Cppcheck support in CMake

跟風遠走 posted on 2019-11-29 01:32:11
I am not asking about the various available third-party modules that support Cppcheck in one way or the other. With CMake 3.10, CMake seems to have gained some official Cppcheck support. See CMAKE_<LANG>_CPPCHECK. Unfortunately the documentation on how to use this variable is a bit sparse. Is there a good example of how Cppcheck is supposed to be used with CMake 3.10 (or later)? A simple example would be - if you have cppcheck in your PATH and you are not specifying additional parameters - the following by setting global CMAKE_<LANG>_CPPCHECK variable: cmake_minimum_required(VERSION 3.10)

Recommended way to track down array out-of-bound access/write in C program

末鹿安然 posted on 2019-11-27 23:31:36
Consider writing an implementation for some not-so-obvious algorithm in C. For example, let it be the recursive quicksort that I have found in K. N. King's "C Programming: A Modern Approach, 2nd Edition" book, which is available from here. The most interesting part consists of the two following definitions: void quicksort(int a[], int low, int high) { int middle; if (low >= high) return; middle = split(a, low, high); quicksort(a, low, middle - 1); quicksort(a, middle + 1, high); } int split(int a[], int low, int high) { int part_element = a[low]; for (;;) { while (low < high && part_element <= a[high])

How to use CMAKE_EXPORT_COMPILE_COMMANDS?

大城市里の小女人 posted on 2019-11-27 13:38:16
Question: I've been trying to use clang-modernize with CMAKE_EXPORT_COMPILE_COMMANDS as recommended in the help of this tool. With this option cmake generates a JSON file containing compile info like include paths (see also). This variable is accepted on the command line of cmake, but cmake --help-variable CMAKE_EXPORT_COMPILE_COMMANDS doesn't work (which is coherent with this mailing list posting). Has someone any idea on how to use it? I could also use it with cppcheck. Some more info I've discovered