Login
Book a Meeting
Dojo Five Logo

Be The Cppcheck Ruler

As a static analysis tool, Cppcheck has a set of default rules. However, when you are further into your development and realize that you need to create your own rules to catch specific bugs, this is the right blog for you. There are two ways to set your own Cppcheck rules: create an XML-based rule file, or create a C++-based rule file.

Creating an XML-based Rule File

Creating an XML-based rule file is more simple and straightforward but the bad news is the handling of this “simple” rule is deprecated and will be removed in Cppcheck version 2.5. In order to create a Cppcheck rule, one needs to have knowledge of regular expressions. A regular expression is used to find the line of code we want to check with. By having the regular expression in hand, we already can apply a rule with the following command option:

# Command usage
cppcheck --rule=<REGULAR_EXPRESSION> <FILE>
# An example of catching code redundancy
cppcheck --rule="if \\( p \\) { free \\( p \\) ; }" dealloc.cpp

The following is the output of the command above:

Checking dealloc.cpp...
[dealloc.cpp:2]: (style) found 'if ( p ) { free ( p ) ; }'

We can customize the responded message by creating an XML-based rule file with the regular expression. The following is a simple XML example that catches redundant code. Click here for more examples.

<?xml version="1.0"?>
<rule version="1">
 <pattern>if \\( p \\) { free \\( p \\) ; }</pattern>
 <message>
 <id>redundantCondition</id>
 <severity>style</severity>
 <summary>Redundant condition. It is valid to free a NULL pointer.</summary>
 </message>
</rule>

The pattern tag is where we insert the regular expression and the elements within the message tag are the messages that will be printed out on the terminal when the regular expression matches a line of code in a file. Once we have created the XML based rule file, we can use the following command option to locate the file, and apply the rule:

# Command usage
cppcheck --rule-file=<RULE_FILE> <FILE>
# An example of catching code redundancy
cppcheck --rule-file=dealloc.rule dealloc.cpp

The following is the output of the command above:

Checking dealloc.cpp...
[dealloc.cpp:2]: (style) Redundant condition. It is valid to free a NULL pointer.

Creating a C++-Based Rule File

A C++-based rule file will give us the flexibility to create a more sophisticated rule. In order to apply a C++-based rule file, we will have to recompile the Cppcheck tool with the rule file.

Build Cppcheck From Source

To build Cppcheck from the source, we first have to download the Cppcheck source code with the following command:

git clone <https://github.com/danmar/cppcheck/>

Rules are organized into Check classes. For example, there is a class with the name CheckStl that contains various stl rules. The CheckOther class can always be used if no other class suits you. When you have added your rule, you must recompile Cppcheck before you can test it. One of the ways to compile Cppcheck is by using g++.

To get started, search through the Cppcheck repo to find the source file and header file that have the same name as the class you want to add the custom rule to. For example, the CheckOther class and its methods are located in the checkother.cpp and checkother.h.

Let’s say you want to add a new rule to the CheckOther class. First, you have to create two new methods, one for detecting the pattern and one for error messaging. The following c++ code is an example of a rule to detect division by zero:

// Detect division by zero
void CheckOther::divisionByZero()
{
    // Loop through all tokens
    for (const Token *tok = mTokenizer->tokens(); tok; tok = tok->next())
    {
        // check if there is a division by zero
        if (Token::Match(tok, "/ 0"))
        {
            // report error
            divisionByZeroError(tok);
        }
    }
}
// Report error
void CheckOther::divisionByZeroError(const Token *tok)
{
    reportError(tok, // location
                Severity::error, // severity
                "divisionByZero", // id
                "Division by zero"); // message
}

The Token::Match function matches tokens against expressions. There are a few rules about the Token::Match expressions:

  • The tokens are either completely matched or not matched at all. For example, the token “abc” is not matched by “ab”.
  • Spaces are used as separators.
  • With normal regular expressions, there are special meanings for + * ? ( ) but these are just normal characters in Token::Match patterns.

Once the rule methods are added to the checkother.cpp, the checkother.h needs to get updated as well. The following are the things you need to add to the header file:

  • Declare the pattern detecting method as a public method in the CheckOther class and call it in the runChecks method: class CPPCHECKLIB CheckOther : public Check { public: void runChecks(...) OVERRIDE { // Checks ... checkOther.divisionByZero(); // Call the pattern detecting method ... } ... void divisionByZero(); // Declare the pattern detecting method ... }
  • Declare the error messaging method as a private method in the CheckOther class and call it in the getErrorMessages method: class CPPCHECKLIB CheckOther : public Check { private: // Error messages.. ... void divisionByZeroError(const Token *tok); // Declare the error messaging method ... void getErrorMessages(...) const OVERRIDE { // error ... c.divisionByZeroError(nullptr); // Call the error messaging method ... } }

Once the code is in place, we are ready to compile Cppcheck with the following command:

g++ -o cppcheck -std=c++11 -Iexternals -Iexternals/simplecpp -Iexternals/tinyxml2 -Iexternals/picojson -Ilib cli/*.cpp lib/*.cpp externals/simplecpp/simplecpp.cpp externals/tinyxml2/*.cpp

Compiling the Cppcheck code will result in an executable. Move the Cppcheck executable to a location in your PATH. There you have it, a Cppcheck with a custom rule is ready to be used.

DojoFive brings modern tools, techniques, and best practices from the web and mobile development environments, paired with leading-edge innovations in firmware to our customers to help them build successful products and successful clients. We have talented engineers on hand ready to help you with all aspects of your EmbedOps journey. Bring your interesting problems that need solving – we are always happy to help out. You can reach out at any time on LinkedIn or through email!

Sign up to get our content updates!

Unlock the full potential of your embedded projects with our expert insights! Dive into our comprehensive resources to stay ahead in firmware development. Subscribe now to get the latest best practices and guides delivered straight to your inbox.

Sign Up for Updates

Discover why Dojo Five EmbedOps is the embedded enterprise choice for build tool and test management.

Sign up to receive a free account to the EmbedOps platform and start building with confidence..

  • Connect a repo
  • Use Dev Containers with your Continuous Integration (CI) provider
  • Analyze memory usage
  • Integrate and visualize static analysis results
  • Perform Hardware-in-the-Loop (HIL) tests
  • Install the Command Line Interface for a developer-friendly experience
Sign up Today

Subscribe to our Monthly Newsletter

Subscribe to our monthly newsletter for development insights delivered straight to your inbox.

The Ultimate Guide to Modern Embedded Firmware Development​

From the smart devices in our homes to life-saving medical equipment, embedded systems are everywhere—and at the heart of each one lies embedded firmware. But as these systems become more powerful and connected, developing efficient, secure, and scalable firmware is more challenging than ever.

In thius conmprehensive guide, we dive into the latest tools, languages, and workflows reshaping embedded firmware development. Whether you’re wrestling with limited hardware resources, debugging complex systems, or scaling across multiple platforms, you’ll find practical strategies and expert insights to help you build better firmware–faster.

Read the full guide now

Interested in learning more?

Best-in-class embedded firmware content, resources and best practices

Laptop with some code on screen

I want to write my first embedded program. Where do I start?

The boom in the Internet of Things (IoT) commercial devices and hobbyist platforms like the Raspberry Pi and Arduino have created a lot of options, offering inexpensive platforms with easy to use development tools for creating embedded projects. You have a lot of options to choose from. An embedded development platform is typically a microcontroller chip mounted on a circuit board designed to show off its features. There are typically two types out there: there are inexpensive versions, sometimes called

Read More »
August 7, 2020
Medical device monitoring vitals

IEC-62304 Medical Device Software – Software Life Cycle Processes Primer – Part 1

IEC-62304 Software Lifecycle requires a lot of self-reflection to scrutinize and document your development processes. There is an endless pursuit of perfection when it comes to heavily regulated industries. How can you guarantee something will have zero defects? That’s a pretty hefty task. The regulatory approach for the medical device industry is process control. The concept essentially states that if you document how every step must be completed, and provide checks to show every step has been completed properly, you

Read More »
August 10, 2020
Operating room filled with medical devices

IEC-62304 Medical Device Software – Software Life Cycle Processes Primer – Part II

Part I provides some background to IEC-62304. Part II provides a slightly more in-depth look at some of the specifics. The IEC 62304 Medical Device Software – Software Lifecycle Processes looks into your development processes for creating and maintaining your software. The standard is available for purchase here. So what activities does the standard look at? Here are some of the major topics. For any given topic, there will be a lot more specifics. This will look at a few

Read More »
August 12, 2020