Use the cppcheck.sln file. The file is configured for Visual Studio 2019, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64. To compile with rules, select the 'Release-PCRE' or 'Debug-PCRE' configuration. Pcre.lib (pcre64.lib for x64 builds) and pcre. VioletGiraffe released this on Jul 30, 2020.

Integrating Visual Studio with Cppcheck. Once Cppcheck is installed, let's try integrating Visual Studio with Cppcheck. For the configuration steps, I referred to the following blog: ブログズミ: Cppcheck + Visual Studio; 2. In the External Tools settings dialog, click the Add button.

Cppcheck: Running clang-tidy on Visual Studio projects in Windows. Here are some screenshots from running clang-tidy on Visual Studio projects in Windows. Visual Studio solution #1.

Cppcheck Visual Studio Configuration

Features

  1. Run cppcheck for the cpp file currently open in the editor
  2. Get all the issues with a severity higher than or equal to the configured setting
  3. Run cppcheck for the cpp files in the folder of the current file
  4. Each change to the current file triggers a new cppcheck run for that file
  5. Output cppcheck results in the CppcheckReport channel of the Output window

Requirements

Please install the cppcheck tool on your OS first! The website is http://cppcheck.sourceforge.net/. All the cppcheck reports depend on running the cppcheck executable.

Extension Settings

This extension contributes the following settings (through the contributes.configuration extension point):

  • cppcheck.isEnable: enable/disable this extension
  • cppcheck.severity: set to error, warning, style, performance, portability, or information.
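The severity filter behind feature 2 and the cppcheck.severity setting, as an added example in C that is not the extension's own code. It assumes cppcheck was run with --template='{file}:{line}:{severity}:{id}:{message}' (a real cppcheck option), ranks the severities in the order the setting lists them (error highest, information lowest; that ordering is an assumption of this example), and keeps every finding at or above the configured threshold. The sample lines are constructed, and the parser skips a leading Windows drive letter so its colon is not taken for a field separator.

```c
/* Added example (not the extension's own code): filter cppcheck findings by a
 * minimum severity, the way the cppcheck.severity setting is described above.
 * Input lines are assumed to come from cppcheck run with
 *   --template='{file}:{line}:{severity}:{id}:{message}'
 * The ranking (error highest, information lowest) follows the order in which
 * the setting lists the severities; that ordering is an assumption here. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Index = rank; a higher index means a more severe finding. */
static const char *const SEVERITIES[] = {
    "information", "portability", "performance", "style", "warning", "error"
};
#define N_SEVERITIES (sizeof SEVERITIES / sizeof SEVERITIES[0])

/* Constructed sample output; paths and messages are made up for this example. */
static const char *const SAMPLE_LINES[] = {
    "src/main.cpp:12:error:nullPointer:Null pointer dereference: p",
    "src/main.cpp:20:style:unusedVariable:Unused variable: tmp",
    "src/util.cpp:5:warning:uninitvar:Uninitialized variable: n",
    "C:\\proj\\io.cpp:41:performance:passedByValue:Parameter 's' should be passed by const reference",
    "Checking src/main.cpp ..."            /* progress line, not a finding */
};
enum { SAMPLE_COUNT = sizeof SAMPLE_LINES / sizeof SAMPLE_LINES[0] };

/* Rank of a severity name; -1 if unknown. */
int severity_rank(const char *name) {
    for (size_t i = 0; i < N_SEVERITIES; i++)
        if (strcmp(SEVERITIES[i], name) == 0) return (int)i;
    return -1;
}

/* Copy the {severity} field of one template line into out. Returns 0 when the
 * line does not have the expected shape (e.g. cppcheck's progress output).
 * A leading Windows drive letter ("C:\") is skipped so its colon is not
 * mistaken for a field separator. */
int parse_severity(const char *line, char *out, size_t outlen) {
    const char *p = line;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' && (p[2] == '\\' || p[2] == '/'))
        p += 2;
    p = strchr(p, ':');                    /* end of {file} */
    if (!p) return 0;
    p = strchr(p + 1, ':');                /* end of {line} */
    if (!p) return 0;
    const char *start = p + 1;
    const char *end = strchr(start, ':');  /* end of {severity} */
    if (!end) return 0;
    size_t len = (size_t)(end - start);
    if (len == 0 || len >= outlen) return 0;
    memcpy(out, start, len);
    out[len] = '\0';
    return 1;
}

/* Keep lines whose severity rank is at least that of `threshold`. Indexes of
 * kept lines go into kept[] (up to max_kept); the return value is the count,
 * or -1 when the threshold is not a known severity name. */
int filter_by_severity(const char *const lines[], int n, const char *threshold,
                       int kept[], int max_kept) {
    int min_rank = severity_rank(threshold);
    int count = 0;
    char sev[32];
    if (min_rank < 0) return -1;
    for (int i = 0; i < n; i++) {
        if (!parse_severity(lines[i], sev, sizeof sev)) continue;
        int r = severity_rank(sev);
        if (r < min_rank) continue;        /* unknown severities (-1) are dropped too */
        if (count < max_kept) kept[count] = i;
        count++;
    }
    return count;
}

/* Convenience wrapper over the constructed sample. */
int sample_count_at_or_above(const char *threshold) {
    int kept[SAMPLE_COUNT];
    return filter_by_severity(SAMPLE_LINES, SAMPLE_COUNT, threshold, kept, SAMPLE_COUNT);
}

int main(void) {
    int kept[SAMPLE_COUNT];
    int n = filter_by_severity(SAMPLE_LINES, SAMPLE_COUNT, "warning", kept, SAMPLE_COUNT);
    for (int i = 0; i < n; i++)
        printf("%s\n", SAMPLE_LINES[kept[i]]);   /* the error and warning lines */
    return 0;
}
```

With the threshold set to "warning" the sample yields the error and the warning line; "style" also admits the style finding, and "performance" or anything lower admits all four findings, while the progress line is never reported.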

Known Issues

Release Notes

0.0.1

Initial release of cppcheckext

0.0.2

Get all the issues with higher severity than the setting

Contact

If you have any issues, report them at Issues.

License

Copyright (C) 2019 Ron Zhong. Licensed under the MIT License.

Contents

  • Analysis results by PVS-Studio
  • Analysis results by Cppcheck

In this article, I'm going to tell you about a check of the MatrixSSL project done with the static analyzers for C/C++ code PVS-Studio and Cppcheck.

The article is written by Pavel Pimenov, the author of the open peer-to-peer client FlylinkDC++. The article is published in our blog by his permission.

What I liked about the MatrixSSL project was that it came with the MS Visual Studio 2010 version available 'out-of-the-box'.

You know, in order to be able to build openSSL from source files for Visual C++, you usually have to dance around with a shaman's drum for a while :). That's why many Windows developers use ready binary openSSL builds such as Win32 OpenSSL Installation Project.

MatrixSSL is an alternative library of cryptographic algorithms distributed under the GNU license (commercial support is also available).

The source code of the open-source version can be downloaded from the official site. We analyzed the current version 3.7.1.

About the analyzers

  • PVS-Studio is a commercial static analyzer detecting errors in source code of C/C++/C++11 applications (we used version PVS-Studio 5.21).
  • Cppcheck is a free open-source analyzer (we used version Cppcheck 1.68).

Analysis results by PVS-Studio

Memory clearing

V512 A call of the 'memset' function will lead to underflow of the buffer 'ctx->pad'. hmac.c 136, 222, 356

The code of all three functions is alright: only the used part of the array is cleared. The analyzer, however, warns that the size of the requested buffer, 128 bytes, is probably too large.

I think it's OK here but still it's better to clear either 64 or 128 bytes just for the code to look neat. You can write it, for example, like this:

V597 The compiler could delete the 'memset' function call, which is used to flush 'tmp' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. aes.c 1139

The optimizer throws away the call of the standard memset() function. I guess it may be critical for a crypto library and is a potential break.

Other similar issues: aes.c 1139, aes.c 1190, aes.c 1191, des3.c 1564, des3.c 1609, des3.c 1610, corelib.c 304, pkcs.c 1625, pkcs.c 1680, pkcs.c 1741
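The dead-store problem behind V597, with one portable fix, as an added example that is not MatrixSSL code. naive_wipe() is the pattern the analyzer flags: after it returns nothing reads the buffer, so an optimizing compiler may legally delete the memset and leave the key bytes in memory. secure_wipe() stores through a volatile pointer, which the compiler must perform; where available, memset_s() (C11 Annex K), explicit_bzero() (glibc, BSD) or RtlSecureZeroMemory() (Windows, the analyzer's own suggestion) are the better-audited choices and this loop is the fallback. The aes_key_t type and the key bytes are constructed for the example. Note that a test cannot show the memset being dropped, because checking the buffer afterwards is exactly what keeps the store alive; what can be checked is that secure_wipe() clears precisely the bytes it is asked to.

```c
/* Added example, not MatrixSSL code: the dead-store problem behind V597 and a
 * portable fix. The aes_key_t type and its contents are constructed here. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    unsigned char key[32];    /* constructed stand-in for expanded key material */
} aes_key_t;

/* The pattern the analyzer flags: the store is dead once the function returns,
 * so the compiler may remove it. Nothing in this file observes the buffer
 * afterwards, which is exactly the situation in which elimination is allowed. */
void naive_wipe(aes_key_t *k) {
    memset(k, 0, sizeof *k);
}

/* Volatile stores cannot be removed as dead, so the bytes really get zeroed. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* 1 if every byte in [p, p + n) is zero, else 0. */
int is_zeroed(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* Fill a key with constructed bytes, wipe it, and report whether it is clean. */
int demo_secure_wipe(void) {
    aes_key_t k;
    for (size_t i = 0; i < sizeof k.key; i++)
        k.key[i] = (unsigned char)(0xA5 ^ i);
    if (is_zeroed(&k, sizeof k)) return 0;   /* sanity check: not zero beforehand */
    secure_wipe(&k, sizeof k);
    return is_zeroed(&k, sizeof k);
}

/* secure_wipe() clears exactly n bytes, so it also serves the hmac.c case of
 * clearing only the used part of a buffer. Returns 1 when the first half is
 * zero and the second half is untouched. */
int demo_partial_wipe(void) {
    unsigned char buf[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    secure_wipe(buf, 4);
    return is_zeroed(buf, 4) && !is_zeroed(buf + 4, 4);
}

int main(void) {
    printf("full wipe ok: %d, partial wipe ok: %d\n",
           demo_secure_wipe(), demo_partial_wipe());
    return 0;
}
```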

V676 It is incorrect to compare the variable of BOOL type with TRUE. Correct expression is: 'QueryPerformanceFrequency(& hiresFreq) != FALSE'. osdep.c 52, 55


PS_TRUE is declared as '1'. MSDN says the following about the return value of the QueryPerformanceFrequency function: 'If the installed hardware supports a high-resolution performance counter, the return value is nonzero.' So, a safer way to write it is QueryPerformanceCounter() != PS_FALSE.

V547 Expression '(id = ssl->sessionId) == ((void *) 0)' is always false. Pointer 'id = ssl->sessionId' != NULL. matrixssl.c 2061

There's an obvious error here: the condition will never be fulfilled because sessionId is declared as an array of 32 bytes and can't have a NULL address. This error is not critical, of course, and could probably be viewed just as an excessive, pointless check.

V560 A part of conditional expression is always true: 0x00000002. osdep.c 265

We have a typo here: instead of FILE_SHARE_READ | FILE_SHARE_WRITE, the programmer wrote && and got 1 && 2 == 1, which is equivalent to FILE_SHARE_READ alone.
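The V676 and V560 conditions above, as an added example that is not MatrixSSL code, with the Win32 pieces stubbed so it compiles anywhere: BOOL is an int that is "true" when nonzero, FILE_SHARE_READ and FILE_SHARE_WRITE are bit flags (0x1 and 0x2 are the real Win32 values), and stub_query_performance_frequency() is a constructed stand-in whose only contract, like the real API's, is "nonzero on success". The buggy and fixed forms sit side by side so the consequence of each typo can be checked.

```c
/* Added example, not MatrixSSL code: the two conditions above with the Win32
 * pieces stubbed. BOOL is "true" when nonzero; FILE_SHARE_* are bit flags. */
#include <stdint.h>
#include <stdio.h>

typedef int BOOL;
#define PS_TRUE  1
#define PS_FALSE 0
#define FILE_SHARE_READ  0x00000001u
#define FILE_SHARE_WRITE 0x00000002u

/* Constructed stand-in for QueryPerformanceFrequency(): the documented contract
 * is only "nonzero on success", so returning 2 is a legal success result. */
static BOOL stub_query_performance_frequency(int64_t *freq) {
    *freq = 10000000;
    return 2;
}

/* V676: a BOOL compared against TRUE. With the stub's legal return value of 2
 * this reports "no high-resolution counter" on hardware that has one. */
int hires_timer_buggy(void) {
    int64_t f;
    return stub_query_performance_frequency(&f) == PS_TRUE;
}

/* Fixed: test for "nonzero", which is what the API promises. */
int hires_timer_fixed(void) {
    int64_t f;
    return stub_query_performance_frequency(&f) != PS_FALSE;
}

/* V560: && instead of | when building the share mode. 1 && 2 evaluates to 1,
 * i.e. FILE_SHARE_READ alone; the write-sharing bit is silently lost. */
unsigned share_mode_buggy(void) { return FILE_SHARE_READ && FILE_SHARE_WRITE; }
unsigned share_mode_fixed(void) { return FILE_SHARE_READ | FILE_SHARE_WRITE; }

/* What a second open for writing would be checked against. */
int write_sharing_allowed(unsigned share_mode) {
    return (share_mode & FILE_SHARE_WRITE) != 0;
}

int main(void) {
    printf("hires buggy=%d fixed=%d\n", hires_timer_buggy(), hires_timer_fixed());
    printf("share buggy=0x%x fixed=0x%x\n", share_mode_buggy(), share_mode_fixed());
    return 0;
}
```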

Probably incorrect condition

V590 Consider inspecting the '* c != 0 && * c == 1' expression. The expression is excessive or contains a misprint. ssldecode.c 3539

Probable performance drop

V814 Decreased performance. The 'strlen' function was called multiple times inside the body of a loop. x509.c 226


In this code, inside the while() loop, the analyzer detected a call of the strlen() function on a parameter which doesn't change. Generally this is not optimal, but in this particular case, since strlen() receives a constant known at compile time, the optimizer in /O2 mode will remove the function call completely and substitute the constant's value computed at compile time.

Analysis results by Cppcheck

This analyzer generated fewer warnings, but there were some among them which PVS-Studio had failed to diagnose.

None of them affects the library's work, as they all refer to unit tests in crypto\test.

'Finishing return-shot in the head'

Consecutive return, break, continue, goto or throw statements are unnecessary. The second statement can never be executed, and so should be removed.

This is a copy-paste error. There are two identical lines at the end: return PS_SUCCESS;.

Another typo of this kind can be found in the function psSha384Test(void).

Memory leak

Memory leak: table

This issue is non-critical in this case, but it's nice to see that Cppcheck can catch it. The code is in the following files and looks the same in both (copy-paste):

  • crypto\test\eccperf\eccperf.c
  • crypto\test\rsaperf\rsaperf.c

Resources are better requested right before they are really needed. If you look at the code in those files, you will see that the table is not used at all, that is, the call of malloc() as well as the call of free(table) at the end are simply excessive.

Conclusion

I am a FlylinkDC++ developer and I've been using the PVS-Studio analyzer granted to us as an open-source project for more than two years now. The analyzer more than once helped us find various bugs both in our own code and third-party libraries' code. Thanks to regular checks, FlylinkDC++'s code has become much more stable and safe. And that's wonderful!



