What is static code analysis?


Static analysis tools are today an important part of the CI/CD tool-chain and are required by regulatory standards. Furthermore, to combat the increasing threat from cyber security attacks, Static Application Security Testing (SAST) has been identified as one of the key tools.

Specifically, according to CEWT 25, any commercial code will not be either Safe or Secure if you can’t find all of the Undefined Behavior bugs.


Using several static analysis tools can be a good idea. There are unique features in each tool. This has been established in many studies.


So what is unique in Cppcheck?


Cppcheck uses unsound flow-sensitive analysis. Several other analyzers use path-sensitive analysis based on abstract interpretation, which is also great, but it has both advantages and disadvantages. In theory, path-sensitive analysis is by definition better than flow-sensitive analysis.

But in practice, it means Cppcheck will detect bugs that the other tools do not detect. In Cppcheck the data flow analysis is not only "forward" but "bi-directional". Most analyzers will diagnose this:

    void foo(int x)
    {
        int buf[10];
        if (x == 1000)
            buf[x] = 0; // <- ERROR
    }

Most tools can determine that the array index will be 1000 and there will be overflow.

Cppcheck will also diagnose this:

    void foo(int x)
    {
        int buf[10];
        buf[x] = 0; // <- ERROR
        if (x == 1000) {}
    }

What is undefined behavior?

A program that has undefined behavior is broken according to the C and C++ specifications. The result of undefined behavior can be any of: a crash, a hang, a security vulnerability, a safety issue, a bug, execution of unreachable code, a program that works exactly as you want, etc. Undefined behavior allows the compiler to generate arbitrary code; for instance, it can freely remove code that has undefined behavior.
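The following is an added example, not code from the original page or from the Cppcheck project. It pairs two "check after use" patterns, where the compiler is allowed to drop the late check because the preceding operation is already undefined for the values being tested, with corrected versions that validate first. All function names and BUF_LEN are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>

#define BUF_LEN 10   /* hypothetical buffer size, matching buf[10] above */

/* BEFORE: the range check comes after the write, the same ordering as in
 * the second Cppcheck snippet above. For an out-of-range x the write is
 * already undefined behavior, so the compiler may assume x is in range
 * and treat the check as dead code. */
bool store_unchecked(int buf[BUF_LEN], int x)
{
    buf[x] = 0;                      /* UB when x < 0 || x >= BUF_LEN */
    if (x < 0 || x >= BUF_LEN)       /* too late: may be optimized away */
        return false;
    return true;
}

/* AFTER: validate the index first, then use it. */
bool store_checked(int buf[BUF_LEN], int x)
{
    if (x < 0 || x >= BUF_LEN)
        return false;
    buf[x] = 0;
    return true;
}

/* BEFORE: detects overflow by performing the overflowing addition.
 * Signed overflow is UB, so the compiler may reason that sum < a can
 * never hold when b > 0 and remove the test. */
bool add_unchecked(int a, int b, int *out)
{
    int sum = a + b;                 /* UB on signed overflow */
    if (b > 0 && sum < a)            /* may be removed */
        return false;
    *out = sum;
    return true;
}

/* AFTER: compare against the limits before adding, so no overflowing
 * operation is ever evaluated. */
bool add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}
```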

Examples of what may generate undefined behavior are listed below:

  • Dead pointers
  • Division by zero
  • Integer overflows
  • Invalid bit shift operands
  • Invalid conversions
  • Invalid usage of STL
  • Memory management
  • Null pointer dereferences
  • Out of bounds checking
  • Uninitialized variables
  • Writing const data
