We always try to keep our software with high quality level as much as possible. The fault-tolerance computing comes first during development. Nevertheless high skilled professionals in programming cannot discover all possible problems in source code of the programs during development and testing. Therefore we have started to use a very nice semantic analyser – cppcheck.
Cppcheck is an static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
In spite of there are limits of cppcheck, it shows rather good results in analysis. Just imagine this statistics:
Number of files scanned: 430
Scan duration: 1 hour and 3 minutes
Style warnings: 1017
Portability warnings: 159
Performance warnings: 424
During last weeks we have fixed following issues, reported by cppcheck:
- Mismatching allocation and deallocation
- Memory leak
- Common realloc mistake: 'm_pBuffer' nulled but not freed upon failure
- Unused variables declared;
- Unused private function
- Variable 't_bExistInList' is assigned a value that is never used
- The scope of the variable 'i' can be reduced
- Checking if unsigned variable 'a_nIndex' is positive is always true.
Style warnings: 933
Portability warnings: 1
Performance warnings: 6
All these remaining issues were checked but not fixed, because they will neither enhance program flow nor program development. Anyway we will come back to this analyser time to time in future.