cppcheck  2.4.1
About: Cppcheck is a static analysis tool for C/C++ code. It checks for memory leaks, mismatching allocation-deallocation, buffer overrun, and many more.
  Fossies Dox: cppcheck-2.4.1.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  



Cppcheck is a simple tool for static analysis of C/C++ code.

When you write a checker you have access to:

  • Token list - the tokenized code
  • Syntax tree - Syntax tree of each expression
  • SymbolDatabase - Information about all types/variables/functions/etc in the current translation unit
  • Library - Configuration of functions/types
  • Value flow analysis - Data flow analysis that determine possible values for each token

Use –debug-normal on the command line to see debug output for the token list and the syntax tree. If both –debug-normal and –verbose is used, the symbol database is also written.

The checks are written in C++.

Detailed overview

This happens when you execute cppcheck from the command line:

  1. CppCheckExecutor::check this function executes the Cppcheck
  2. CmdLineParser::parseFromArgs parse command line arguments
    • The Settings class is used to maintain settings
    • Use FileLister and command line arguments to get files to check
  3. ThreadExecutor create more instances of CppCheck if needed
  4. CppCheck::check is called for each file. It checks a single file
  5. Preprocess the file (through Preprocessor)
    • Comments are removed
    • Macros are expanded
  6. Tokenize the file (see Tokenizer)
  7. Run the runChecks of all check classes.
  8. Simplify the tokenlist (Tokenizer::simplifyTokenList2)
  9. Run the runSimplifiedChecks of all check classes

When errors are found, they are reported back to the CppCheckExecutor through the ErrorLogger interface.