Static code analysis is the process of detecting flaws in software's source code. Static analysis tools are useful for detecting common coding mistakes; here are some benefits of using them:
- Make the source code more readable and maintainable.
- Prevent unexpected behavior at runtime.
- Optimize the execution.
- Make the code more secure.
In the C++ world, Cppcheck is the most popular tool for detecting issues in your C++ code base. There are several ways to explore the results of cppcheck:
- XML format: cppcheck can generate XML files, which can be used to create a customized HTML report or consumed by another tool to explore the analysis results.
- HTML format: an HTML report is a very suitable way to present the cppcheck issues; it can be stored on a server and shared by the team.
- IDE plugins: many cppcheck plugins exist for exploring the issues from the IDE.
A few years ago, we added to CppDepend a feature for importing the results of other tools and querying them from CppDepend. We asked Daniel, the lead developer of Cppcheck, if we could integrate his tool inside CppDepend. He replied: "a battery of tools is better than using 1 tool. Therefore, there's no problem if we embed his tool."
Let’s discover the possibilities that CppDepend provides to the cppcheck users:
1) Query the issues with CQLinq
CQLinq lets you query the issues like a database. For example, you can get all the cppcheck issues:
Or get the most recurrent issues:
It is also interesting to identify the classes with the most issues:
The previous query is interesting, but it does not tell us exactly which classes lack quality. Another useful metric to take into account is NBLinesOfCode. We can modify the previous query to calculate the ratio between the issue count and NBLinesOfCode.
We can also search for the most used methods that have issues. Bugs in such methods must be given high priority.
2) Generate Issues Trend
Having issues in a project is not an exception; any project could have many problems to resolve. However, we have to check the quality trend of the project. Indeed it’s a bad indicator if the number of issues grows after changes and evolution. CppDepend provides the Trend Monitoring feature to create trend charts.
Trend charts are made of trend metric values logged over time, at analysis time. More than 50 trend metrics are available by default, and it is easy to create your own trend metrics.
With this trend chart we can monitor the evolution of the Cppcheck issues:
3) Generate custom HTML report
CppDepend makes it possible to append extra sections to the HTML report, each listing the results of some CQLinq queries.
In the CQLinq Query Explorer panel, a particular CQLinq reported group is bordered with an orange rectangle.
And in the HTML report these added sections are accessible from the menu:
4) Integrate cppcheck into the build process
CppDepend comes with the notion of a Critical CQLinq Rule. Critical rules are a means to define high priority rules that must never be violated. With critical rules, it is possible to break the Build Process when a critical rule violation occurs.
A critical rule is just a CQLinq rule with the flag Critical Rule checked:
At Build Process time, when a critical rule is violated the process CppDepend.Console.exe returns a non-zero exit code. This behavior can be used to break the Build Process if a critical rule is violated.
We can easily define a cppcheck critical rule to break the build if certain kinds of cppcheck issues are found.
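The same two ideas (most recurrent issues, and a non-zero exit code that breaks the build) applied directly to cppcheck's XML output, as an added example that is not CppDepend or CQLinq code. The sample report is constructed, and the choice of which severities block the build is an assumed policy.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in cppcheck's XML version 2 layout, as written to stderr by:
#   cppcheck --xml --xml-version=2 src 2> report.xml
SAMPLE_REPORT = """<results version="2">
  <errors>
    <error id="nullPointer" severity="error" msg="Null pointer dereference: p" cwe="476"><location file="src/parser.cpp" line="88"/></error>
    <error id="nullPointer" severity="error" msg="Null pointer dereference: ctx" cwe="476"><location file="src/session.cpp" line="17"/></error>
    <error id="arrayIndexOutOfBounds" severity="error" msg="Array 'buf[8]' accessed at index 8" cwe="788"><location file="src/packet.cpp" line="42"/></error>
    <error id="unusedFunction" severity="style" msg="The function 'dump' is never used." cwe="561"><location file="src/debug.cpp" line="5"/></error>
  </errors>
</results>"""

BLOCKING_SEVERITIES = {"error"}  # assumption: the team's gating policy

def load_issues(xml_text):
    """Flatten every <error> element into a dict (str or bytes input)."""
    issues = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")  # some findings carry no location at all
        issues.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "cwe": err.get("cwe"),  # None when the finding has no CWE mapping
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line", 0)) if loc is not None else None,
        })
    return issues

def most_recurrent(issues, top=3):
    """Issue ids ordered by how often they occur."""
    return Counter(i["id"] for i in issues).most_common(top)

def gate(issues):
    """Return (exit_code, blocking_issues); exit_code is 1 if the build must fail."""
    blocking = [i for i in issues if i["severity"] in BLOCKING_SEVERITIES]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    xml_text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    found = load_issues(xml_text)
    for issue_id, count in most_recurrent(found):
        print(f"{count:3d}  {issue_id}")
    exit_code, blocking = gate(found)
    for i in blocking:
        print(f"BLOCKING {i['file']}:{i['line']} {i['id']} cwe={i['cwe']}")
    sys.exit(exit_code)
```

Run with a report path as the only argument in a CI step; the step fails whenever a finding with a blocking severity is present.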
CppDepend is open to other static analysis tools, and you can also easily plug in your own customized tool as described here. This way you can use all the CppDepend features to better explore the results from the known C/C++ static analysis tools.
And special thanks to Daniel, who authorized us to embed his amazing tool inside CppDepend.