Anton's Research Ramblings

Static Code Analysis

Today I used a static analysis tool on some of my source code, and gave it a good, thorough run-through. I'd never really done this before. I used "cppcheck" on my C source code. You just invoke it on your source folder with some optional flags - all very simple. Summary:

It immediately found 2 invalid array accesses, and told me about an invalid pointer assignment that I was relying on working later in my code.

You can also go into verbose mode and get a whole list of potential problems, or style warnings - every time you use fscanf for a string parsing operation it warns you that it's unsafe, for example. I can see how you might use this occasionally during development to help write better code as you go, by always aiming for a "no warnings" output or so. I was pleasantly surprised that my code was pretty watertight. The couple of problems it found were very worth finding, as it would have been a real pain to track them down after a segfault later.
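The fscanf warning mentioned above is typically raised for a `%s` conversion with no field width. The following is an added example, not code from the original post: it puts the flagged form beside a width-bounded reader that also reports truncation. All function names and the sample input are made up for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 15 /* name[] holds 15 characters plus the terminating NUL */

/* Flagged form: "%s" has no field width, so a token longer than 15
 * characters writes past the end of name[]. Shown for comparison only. */
int read_name_unbounded(FILE *fp, char name[NAME_LEN + 1])
{
    return fscanf(fp, "%s", name) == 1;
}

/* Bounded form. Returns 1 for a complete token, -1 if the token was longer
 * than NAME_LEN (the excess is discarded), 0 on EOF or read error. */
int read_name_bounded(FILE *fp, char name[NAME_LEN + 1])
{
    int c;
    if (fscanf(fp, "%15s", name) != 1) /* width must equal NAME_LEN */
        return 0;
    c = fgetc(fp);
    if (c == EOF || isspace(c))
        return 1;
    while ((c = fgetc(fp)) != EOF && !isspace(c))
        ; /* skip the rest of the over-long token */
    return -1;
}

/* Hypothetical helper: feeds a constructed string through tmpfile(). */
int parse_name(const char *input, char name[NAME_LEN + 1])
{
    FILE *fp = tmpfile();
    int rc;
    if (fp == NULL)
        return 0;
    fputs(input, fp);
    rewind(fp);
    rc = read_name_bounded(fp, name);
    fclose(fp);
    return rc;
}

int main(void)
{
    char name[NAME_LEN + 1] = "";
    int rc = parse_name("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA rest", name);
    printf("rc=%d name=\"%s\"\n", rc, name);
    return 0;
}
```

Checking the return value of fscanf matters as much as the width: without it, a failed read leaves the buffer holding whatever was there before.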

There are other programmes that might be more comprehensive, but most are commercial or IDE-tied. For C code (not C++) there is a free programme called "splint". I found that it gets caught up on library includes quite easily, which makes it less practical to use, but perhaps there is an option to ignore certain includes.