Follow this blog by Email

Friday, 22 November 2013

Commands for various tools to do Static Code analysis of C C++ source

Static code analysis is a very important step that every software developer, organisation should carry out to check if the code has any subtle possible issues which could cause bugs in the code.
A static code analysis of code using various tools can detect many errors or warning in the code like uninitialized variables, dangerous variable type conversions signed to unsigned, language specification violations etc.

Here I am going to explain in detail, usage of multiple static analysis tools
which I use for detecting such possible issues in my C,C++ code. After I get the output errors and warnings from these static analysis tools, a thorough code review of the code is done and then I try to remove as much errors and warnings as possible considering there could be some 'false positive' issues reported by some of these tools at some places of code. But either ways it is good to have all diagnostics of the code done and available to you, to be able to take an informed decision about possible changes to the code.

My code development setup is such that the C C++ code I have needs to be able to compile on Windows-x86, Linux-x86, and Linux-ARMV7 platforms.
The code is written in a protable way with all architecture specific, os specific calls inside conditional statements such that it does not cause build issues on either of the platform mentioned above.

Below is the exact command-line options, settings used in each code analysis/compiler tool to get maximum information in form of errors and warnings about possible issues in code.
1] gcc 
I always compile my code using below gcc options in the make file:-
 -Wall -Wextra -Wuninitialized -pedantic
These options almost always detect many issues like variables used
before initializing them, all warnings , even some pedantic warnings about
non-adherence to code language standard.
Few sample warnings these options generated on my code:
   ../../../../../code/my1.cpp:218:54: warning: ‘pChannel’ may be used uninitialized in this function
   ./../../../../../IP/Lib/src/portablity.h:90:12: warning: unused parameter ‘numberOfElem’ [-Wunused-parameter]
2] clang
Clang is an opensource compiler frontend used with llvm
It has a very good code analysis tool to analyze source code.
To analyze a single source file the command is as below:
clang++ --analyze -I/home/ad/IP/Lib/src/  -Weverything -pedantic -fshow-column 
-fcaret-diagnostics -fcolor-diagnostics -ferror-limit=9999999 -fdiagnostics-show-category -std=c++98 file1.cpp

Sample warnings and errors clang static analyzer generated:
 /home/ad/IP/Lib/src/Pkt.h:60:6:error: ISO C++ forbids forward references to 'enum' types
 /home/ad/IP/Lib/src/Pkt.h:67:4:error: field has incomplete type 'Pkt_t

3] PRQA-C++
 This tool from PRQA research is a good tool which enforces MISRA C/C++ rules in its static code analysis process.
There is a evaluation version of this tool available for download and try.
You can add all source files into the project in this tool and run code analysis on them
It generates a compliance report on analyzing the source files and detect and report issues like Conversion to unsigned,
  Overflow and wraparound issues, Portability Problems and many others.

4] PCLint
 PCLint is a static analysis tool which has been around for a long time now.

 lint-nt-8p.exe -w4 -wlib(0) -e309 -e1904 +fce +fcp +cpp(cpp,cxx,cc) -i"C:\mycode\include" file1.cpp > file1cpp_lintoutput.txt

This will generate the lint code analysis report in the file file1cpp_lintoutput.txt

Sample output of the lint static code analysis:

 #define NUM_OF_ERROR_CODES 88
 ErrorCodes.h  45  Note 1923: macro 'NUM_OF_ERROR_CODES' could become const variable

  Msgs.h  352  Note 958: Padding of 7 byte(s) is required to align member
    on 8 byte boundary

5] Eclipse Codan Analysis
 Eclipse is a free tool. Download and install Eclipse CDT.
Create a workspace in ecliplse. Create new empty C/C++ project in it. Then add your source and header files to that project.
Eclipse has a inbuilt code analysis toot called CODAN.
Right-click Eclipse project-->Run C/C++ Code analysis. This shows all errors/warnings generated from this analysis.

6] Cppcheck 
This is a static C/C++ code analysis tool available of linux. On Ubuntu we can install it as
sudo apt-get install cppcheck

cppcheck --enable=all -I ./ -I /home/ad/IP/Lib/include/ -I /home/ad/src/include/  file1.cpp
If you want you can redirect the output of this static analysis to a text file for later analysis:

cppcheck --enable=all -I ./ -I /home/ad/IP/Lib/include/ -I /home/ad/src/include/  file1.cpp >file1cpp.txt 2>&1

Sample outcome of static code analysis using cppcheck:

[/home/ad/IP/Lib/src/hash.h:160]: (error) Uninitialized variable: data8  
[/home/ad/IP/Lib/src/Log.h:375]: (error) Null pointer dereference
[file1.cpp:5837]: (style) Variable 'pString' is assigned a value that is never used

7] Mac OS XCode static analysis
    I create a XCode C++ project for my code, on MacOSx or iOS.
Then use the XCode inbuild static Code analysis tool which is also pretty nifty and gives information about your source code.

8] Visual C++ 2008 / Visual Studio X All Warnings enabled
  In your Visual C++ solution, you have a project created. Once you add all source files to that project.
  Right click Project-->Properties-->C/C++-->General-->Warning level:
  Here selecting highest level of warning Level 4 /W4 option enables all warnings and diagnostic messages.
  Once you compile the code using VC++, the warnings are displayed in the Build output window of VC++.

 Static analyze your source and catch all potential bugs early before they get a chance to execute and become a pain to debug, as ounce of prevention is better than pounds of cure!


Anonymous said...

I think all the major IDE's for higher level programming take care of these but what they don't take care of is any issues in the code that can cause had to find issues like memory leaks, multi-threading gone wrong etc.

Anonymous said...

Actually for Visual Studio there is a /Wall option but it doesn't show up in the general settings page drop down list.

You have to specify it in the additional options field in the command line page.

Anonymous said...

To the anonymous who complained about lack of checking for memory leaks, multi threading errors, you should check out the clang sanitisers which do all that and more!

Tad Ashlock said...

Do any of the non-compiler tools have good support for C++11? Last time I tried Flexelint (Gimpel), it choked on C++11 input.

Kissaki said...

cppcheck is not linux only.

Anonymous said...

GCC has many warnings options that most people seems to be unaware of and many of them are not enabled by -Wall. This is what I try to use whenever possible:

-Wall -Wextra -std=C99 -Wunreachable-code -Wshadow -Wstrict-prototypes -Wmissing-declarations -Wredundant-decls -Wswitch-default -Wswitch-enum -Wfloat-equal -Wundef -Wconversion -Wp,-Wunused-macros -Wl,--warn-common

Pierre Rasmussen said...

I like your post and your idea behind it. I would like better examples on what your parameters actually do (even if I could guess most of them) and why you choose them.

Lars: I like your choice of parameters. Its interesting to see how many options there actually exists for GCC.

Steve Dirickson said...

The /W options don't cause Visual Studio (technically, the Microsoft C++ compiler) to do code analysis; they control how strictly your source has to conform to the language spec (well, the spec as known to that version of the C++ compiler). To get your code checked for potential NULL pointers, off-by-one errors, and such, you have to run a separate /analyze compile; this is most easily done with the "Analyze" item on the main menu bar. You can use the "Configure" sub-menu item to select more- or less-extensive rule sets to be used for the check.

Andrey Karpov said...

PVS-Studio static code analyzer for Visual C++: