Cppcheck development
This wiki is about Cppcheck development
Reporting a problem / suggest improvement
If you want a Trac account to report issues in this issue tracker, you need to create an htpasswd hash and send it to Daniel Marjamäki (https://sourceforge.net/u/danielmarjamaki/). The htpasswd hash can be created online; search for "htpasswd generator". Please provide a short code example that reproduces a problem when you apply for a Trac account.
You can also use the Cppcheck forum (https://sourceforge.net/p/cppcheck/discussion/) to report problems. Cppcheck team members will then create tickets in this issue tracker.
How to submit a patch
Create a pull request on GitHub.
Debug output
The debug messages are not official and you can't expect that any plugins will handle them. The debug messages are neither described nor listed anywhere. The debugging interface is not guaranteed to stay compatible in the future, so your shell scripts etc. might break at any time if you use it.
The --debug-warnings flag enables warnings about unhandled code, bailouts, etc.
To see extensive debug output use --debug. This is most useful on small code samples because it is verbose. The code that is shown should be as simplified as possible. Any calculations that are known at compile time should be reduced. So if you see something in the code that can be simplified, report it.
Creating new tickets
Defects:
- false positive
- hang / crash
- fail to compile
Enhancements:
- new checks
- an existing check fails to detect bug (use the component "improve check")
- suggestions about different output
Priority: Use 'Normal' by default. Use 'High' when:
- Defects: crash when scanning compilable code.
- Enhancements: Detecting more errors (not warning/style/etc).
Please try to provide a small code snippet to show/reproduce the issue. As long as they only consist of a few lines (which is the preferable size of such code examples), we prefer that they are enclosed in {{{ }}} and inlined in the ticket description instead of being attached.
Keywords
Some common keywords:
| Keyword | Meaning |
|---|---|
| ast | abstract syntax tree |
| c++11 | c++11 features |
| c++14 | c++14 features |
| c++17 | c++17 features |
| condition | ticket is about conditions (always true/false, identical, overlapping, etc) |
| ctu | cross translation unit analysis (whole program analysis) |
| patch | a patch is attached |
| regression | for regressions |
| simple | ticket might be relatively simple to fix |
| suppression | Suppressions |
| SymbolDatabase | ticket about our SymbolDatabase |
| template | handling of templates |
| UB | undefined behaviour |
| ValueFlow | data flow analysis |
| varid | wrong variable id |
It is also common practice to use the message id as a keyword if the ticket is about a specific warning.
Reducing large examples
Example code should be stand-alone and as small as possible. It's not necessary that the code does compile or that it's even a complete program including main(). It's acceptable if some declarations or definitions are omitted.
Steps to try:
- Remove code beyond the related line. Make sure that the structure of the code (preprocessor clauses, namespaces, scopes, etc.) remains valid
- Remove external dependencies from #include statements (or inline their content for further processing)
- Reduce the remaining code
There is a tool available in the cppcheck sources which can be used for an automatic approach:
- reduce.py - a Python script
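The manual steps above can be automated along these lines. This is an added example, not the project's reduce.py and not code from the Cppcheck sources; the function names and the sample are constructed for illustration, and `cppcheck_reports` assumes a `cppcheck` binary on PATH.

```python
import subprocess
import tempfile
from pathlib import Path

# Constructed sample: only f() is needed to reproduce the report.
SAMPLE = ["#include <cstdio>", "int unrelated(int a) {", "    return a + 1;", "}",
          "void f() {", "    char buf[4];", "    buf[4] = 0;", "}",
          "int main() {", "    return unrelated(1);", "}"]

def braces_balanced(lines):
    """Crude scope check (ignores braces inside strings and comments)."""
    depth = 0
    for ch in "".join(lines):
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            return False
    return depth == 0

def cppcheck_reports(message_id, exe="cppcheck"):
    """Predicate factory: True while cppcheck still prints message_id."""
    def predicate(lines):
        with tempfile.TemporaryDirectory() as tmp:
            src = Path(tmp) / "sample.cpp"
            src.write_text("\n".join(lines) + "\n")
            out = subprocess.run(
                [exe, "--quiet", "--enable=all", "--template={id}", str(src)],
                capture_output=True, text=True, timeout=60)
        return message_id in out.stderr.split()  # results go to stderr
    return predicate

def reduce_lines(lines, still_reproduces):
    """Drop chunks of lines, halving the chunk size, until nothing more goes."""
    ok = lambda c: bool(c) and braces_balanced(c) and still_reproduces(c)
    if not ok(lines):
        raise ValueError("unreduced sample does not reproduce the issue")
    shrunk = True
    while shrunk:                       # repeat until a full pass removes nothing
        shrunk = False
        chunk = max(len(lines) // 2, 1)
        while chunk >= 1:
            i = 0
            while i < len(lines):
                candidate = lines[:i] + lines[i + chunk:]
                if ok(candidate):       # chunk was irrelevant: keep it removed
                    lines, shrunk = candidate, True
                else:
                    i += chunk
            chunk //= 2
    return lines

# With cppcheck installed:
# reduce_lines(SAMPLE, cppcheck_reports("arrayIndexOutOfBounds"))
```

The predicate is pluggable, so the same loop works for a false positive (the message id is still printed) or for any other check you can express as a function of the candidate lines.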
You may also try 3rd-party tools:
Documentation
Documentation is available:
- Online editable in another wiki - with a few sections translated into German
- Generated from the DocBook sources in two flavors:
  - PDF -> http://cppcheck.sourceforge.net/manual.pdf
  - HTML -> http://cppcheck.sourceforge.net/manual.html (opened from the GUI help menu)
Source code
The latest version is available on GitHub. You can use git (preferred) or subversion:
- git:
  git clone https://github.com/danmar/cppcheck.git
- svn:
  svn checkout https://github.com/danmar/cppcheck/trunk
Simple issues to fix
If you want to help us you can start by looking at the tickets that we consider to be simple. http://trac.cppcheck.net/query?status=new&col=id&col=summary&keywords=~simple
Bounty
Some tickets, the old unfixed defects, have a bounty.
Defects are shown here: http://trac.cppcheck.net/report/10
The defects with ticket number 0-3999 have a bounty of 50 USD / ticket.
The defects with ticket number 4000-4999 have a bounty of 30 USD / ticket.
The defects with ticket number 5000-5999 have a bounty of 20 USD / ticket.
The defects with ticket number 6000-6999 have a bounty of 10 USD / ticket.
To get the bounty for a ticket, either commit the fix and close the ticket, or attach a patch to the ticket. A testcase must be included for false positives and crashes. There shall be no regressions. If any old test cases fail you must justify this. When the defect is closed, please request the bounty by sending me a message using this form: https://sourceforge.net/u/danielmarjamaki/profile/send_message
No bounty is paid for tickets that are closed with "worksforme" / "invalid" / "wontfix".
Developer information
Cppcheck is a simple tool for static analysis of C/C++ code.
When you write a checker you have access to:
- Token list - the tokenized code
- Syntax tree - Syntax tree of each expression
- SymbolDatabase - Information about all types/variables/functions/etc in the current translation unit
- Library - Information about functions
- Value flow analysis - context sensitive analysis that determines possible values for each token
You can read more in the "cppcheck design" article. The source code is documented using doxygen.
Additional resources:
- More information is available through this webpage: http://cppcheck.sourceforge.net/devinfo/
- Design decisions
- Coding style
Questions
When you have a question concerning development, read (or expand) our QuestionsAndAnswers article.