Static analysis tools look for a wide range of potential errors in code that compilers do not look for. Cppcheck is an open source static analysis tool; it is extensible and being actively developed. These are the sorts of errors that can be found:
- Out of bounds checking
- Memory leaks checking
- Detect possible null pointer dereferences
- Check for uninitialized variables
- Check for invalid usage of STL
- Checking exception safety
- Warn if obsolete or unsafe functions are used
- Warn about unused or redundant code
- Detect various suspicious code indicating bugs
This post walks through the process of installing Cppcheck and integrating it with Eclipse CDT as well as with Jenkins.
Download and run the MSI installer from http://cppcheck.sourceforge.net. I clicked on through, accepting the defaults.
NOTE: I installed version 1.71. Originally I tried the x64 version but had problems; the x86 version worked fine.
To understand how to run cppcheck, refer to the manual.
Installing the Eclipse plugin
In Eclipse, click Help->Eclipse Marketplace and search for Cppcheclipse.
Click Install then Confirm >
Accept the terms of the license and Finish. (I was prompted about installing unsigned software – I chose to continue). When prompted, restart Eclipse.
The next step is to configure the plugin. In Eclipse go to Window->Preferences->C/C++->cppcheclipse and set the path for the binary.
Now review the Problems and Settings preferences. See below for the settings I use; I have all Problems enabled.
Now in the C/C++ perspective select the project that you want to check, right click and select cppcheck->Run cppcheck.
Any problems found are shown in the Problems tab.
Double clicking on an issue takes you to the offending code (could this be a deliberate error?).
NOTE: I had repeated problems with errors: URI is not absolute
I worked around this by changing all include paths for the project to absolute paths. Not a real solution for me; for now I change the paths to analyse and then change back afterwards, or ignore the Eclipse plugin and run on the command line.
Installing the Jenkins Plugin
Log in to Jenkins and go to Jenkins->Manage Jenkins->Manage Plugins, select the Available Plugins tab and filter for cppcheck.
Check the Install check box and select Install without restarting.
At this point you need to configure Jenkins to run the analysis and report on it. Static analysis typically takes much longer than compilation for the same code, so in a real-world application I would create a new Jenkins job that checks out the code and runs the analysis. For my home project I’ll just extend the existing job.
Edit the node configuration for the build slave (Jenkins->Manage Jenkins->Manage Nodes) to add a label for cppcheck and also set an environment variable to say where cppcheck is installed.
Now in your Jenkins job configuration, make it depend on the cppcheck label.
Add a build step to run cppcheck. The example below is what I have; note the 2>, which redirects stderr into a file. This is needed to capture the XML output.
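A build step of the kind described above, written out as an added example (it is not the author's own configuration). It assumes the node's environment variable is named CPPCHECK_HOME, that the sources live under src in the workspace, and that the report is written to cppcheck-result.xml; none of these names come from the original post.

```bat
@echo off
rem Added example: Jenkins "Execute Windows batch command" build step.
rem Assumed names (not from the original post): CPPCHECK_HOME, src,
rem cppcheck-result.xml. WORKSPACE is set by Jenkins for every build.
setlocal

rem Fail early if the node does not say where cppcheck is installed.
if not defined CPPCHECK_HOME goto :no_tool
if not exist "%CPPCHECK_HOME%\cppcheck.exe" goto :no_tool

set "REPORT=%WORKSPACE%\cppcheck-result.xml"

rem Delete any stale report so the publisher never reads a previous
rem build's results when this run fails.
if exist "%REPORT%" del "%REPORT%"

rem cppcheck prints progress on stdout and its findings on stderr.
rem With --xml the findings are XML, so only stream 2 goes to the file.
"%CPPCHECK_HOME%\cppcheck.exe" --enable=all --xml --xml-version=2 "%WORKSPACE%\src" 2> "%REPORT%"
if errorlevel 1 goto :bad_run

rem A report without a results element means the redirect or the
rem invocation went wrong; do not hand it to the publisher.
findstr /c:"<results" "%REPORT%" > nul
if errorlevel 1 goto :bad_report

exit /b 0

:no_tool
echo cppcheck.exe not found; check CPPCHECK_HOME on this node 1>&2
exit /b 1

:bad_run
echo cppcheck exited with an error 1>&2
exit /b 1

:bad_report
echo cppcheck-result.xml does not contain cppcheck XML results 1>&2
exit /b 1
```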
Add a Post Build step to publish the cppcheck results (once it is working, play with the advanced options).
Now run a couple of builds and you should see graphing of the analysis results, and be able to drill into the results down to the specific lines in files.