LinuxCommandLibrary

cppcheck

Analyze C/C++ code for defects

TLDR

Recursively check the current directory, showing progress on the screen and logging error messages to a file

$ cppcheck . 2> cppcheck.log

Recursively check a given directory, and don't print progress messages
$ cppcheck [-q|--quiet] [path/to/directory]

Check a given file, specifying which tests to perform (by default only errors are shown)
$ cppcheck --enable=[warning|style|performance|portability|information|all] [path/to/file.cpp]

List available tests
$ cppcheck --errorlist

Check a given file, ignoring specific tests
$ cppcheck --suppress=[test_id1] --suppress=[test_id2] [path/to/file.cpp]

Check the current directory, providing paths for include files located outside it (e.g. external libraries)
$ cppcheck -I [include/directory_1] -I [include/directory_2] .

Check a Microsoft Visual Studio project (*.vcxproj) or solution (*.sln)
$ cppcheck --project=[path/to/project.sln]

SYNOPSIS

cppcheck [OPTIONS] [files|paths]

PARAMETERS

-D
    Define preprocessor symbol, optionally with value

-U
    Undefine preprocessor symbol

-I
    Add include directory

--include=
    Force inclusion of file

--enable=
    Enable additional checks (e.g., all, warning, style)

--std=
    Set standard (posix, c89, c99, c11, c++03, c++11, etc.)

--suppress=
    Suppress warnings that match spec

--suppressions-list=
    Suppressions from file

-i
    Exclude path

--file-filter=
    Filter files to analyze

--project=
    Use project configuration (XML/CompileDB)

--output-file=
    Write results to a file instead of standard error

--xml
    XML output format

--html
    HTML report output

--junit
    JUnit XML output

-q
    Quiet mode, only print errors

-v
    Verbose output

--force
    Force checking of all files

--error-exitcode=
    Exit code for errors

--version
    Print version

--help
    Show help

DESCRIPTION

Cppcheck is an open-source static analysis tool designed to detect bugs, undefined behavior, dangerous coding constructs, and style issues in C, C++, and C-like languages. Unlike compilers, which focus on syntax and semantic errors during compilation, Cppcheck performs deep analysis to uncover subtle issues such as memory leaks, null pointer dereferences, buffer overflows, and misuse of standard library functions.

It supports a wide range of checks categorized into error detection, warnings, style, performance, portability, and more. Users can enable specific check categories with --enable, suppress false positives, and customize analysis via preprocessor definitions, include paths, and project configuration files. Cppcheck excels in early bug detection during development, integrates seamlessly with build systems like Make, CMake, and CI/CD pipelines (e.g., GitHub Actions, Jenkins), and outputs results in plain text, XML, or HTML formats for easy parsing.

Cross-platform and lightweight, it requires no compilation of the source code, making it fast for large codebases. While it may report false positives, its configurability minimizes noise. Actively maintained with regular updates, Cppcheck is invaluable for improving code quality and security in software projects.
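As an added example (not part of the original page or the Cppcheck project), here is a CI gate that reads a report written with --xml and fails the build on blocking severities. The sample report is constructed, and the BLOCKING policy, the function names and the report.xml path are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of `cppcheck --xml` output (results version 2), not a real scan.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.12"/>
  <errors>
    <error id="arrayIndexOutOfBounds" severity="error" cwe="788" msg="Array 'buf[8]' accessed at index 8, which is out of bounds.">
      <location file="src/parse.c" line="14"/>
    </error>
    <error id="nullPointer" severity="warning" cwe="476" msg="Possible null pointer dereference: p">
      <location file="src/net.c" line="52"/>
    </error>
    <error id="variableScope" severity="style" cwe="398" msg="The scope of the variable 'i' can be reduced.">
      <location file="src/parse.c" line="30"/>
    </error>
    <error id="missingIncludeSystem" severity="information" msg="Include file: &lt;stdio.h&gt; not found."/>
  </errors>
</results>
"""

# Assumed policy: these severities block a merge; everything else is report-only.
BLOCKING = {"error", "warning"}

def parse_findings(xml_text):
    """Return one dict per <error> element in a cppcheck XML report."""
    findings = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")  # absent for findings not tied to a source line
        findings.append({"id": err.get("id"), "severity": err.get("severity"),
                         "cwe": err.get("cwe"), "msg": err.get("msg"),
                         "file": loc.get("file") if loc is not None else None,
                         "line": int(loc.get("line")) if loc is not None else None})
    return findings

def gate(findings, suppressed_ids=frozenset()):
    """Return (exit_code, blocking); exit_code is 1 if a blocking finding is unsuppressed."""
    blocking = [f for f in findings
                if f["severity"] in BLOCKING and f["id"] not in suppressed_ids]
    return (1 if blocking else 0), blocking

if __name__ == "__main__":
    # Real use: cppcheck --xml --enable=all . 2> report.xml, then pass report.xml here.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_XML
    code, blocking = gate(parse_findings(text))
    for f in blocking:
        print(f"{f['file']}:{f['line']}: {f['severity']} {f['id']} CWE-{f['cwe']}: {f['msg']}")
    sys.exit(code)
```

Gating on parsed severities keeps style and information findings visible in the report without letting them break the build.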

CAVEATS

May produce false positives; requires tuning suppressions. Not all checks cover every edge case. Limited Java/Android support via addons.

EXIT STATUS

0: No errors found
1: Errors detected
2: Bad usage or fatal error

CONFIGURATION

Supports .cfg XML files for projects and --addon= for scripts (e.g., misra, y2038)

PLATFORMS

Linux, Windows, macOS. GUI available via cppcheck-gui.

HISTORY

Created in 2005-2006 by Daniel Marjamäki. First public release ~2008. Reached version 1.0 in 2010. Now at 2.12+ (2023), with community contributions, improved C++17/20 support, and MISRA checks.

SEE ALSO

gcc(1), clang(1), clang-tidy(1), scan-build(1), splint(1)
