What is static code analysis?

Static analysis tools are today an important part of the CI/CD tool-chain and are required by regulatory standards. Furthermore, to combat the increasing threat from cyber security attacks, Static Application Security Testing (SAST) has been identified as one of the key tools.

Specifically, according to CEWT 25, any commercial code will not be either Safe or Secure if you can’t find all of the Undefined Behavior bugs.

Using several static analysis tools can be a good idea. There are unique features in each tool. This has been established in many studies.


So what is unique in Cppcheck.

Cppcheck uses unsound flow sensitive analysis. Several other analyzers use path sensitive analysis based on abstract interpretation, that is also great however that has both advantages and disadvantages. In theory by definition, it is better with path sensitive analysis than flow sensitive analysis.

But in practice, it means Cppcheck will detect bugs that the other tools do not detect. In Cppcheck the data flow analysis is not only "forward" but "bi-directional". Most analyzers will diagnose this:

void foo(int x)
int buf[10];
if (x == 1000)
buf[x] = 0; // <- ERROR
Most tools can determine that the array index will be 1000 and there will be overflow.
Cppcheck will also diagnose this:
void foo(int x)
int buf[10];
buf[x] = 0; // <- ERROR
if (x == 1000) {}

What is undefined behavior?

A program that has undefined behavior is broken according to the C and C++ specifications. The result of undefined behavior can be any of: crash, hang, security vulnerability, safety issues, bug, unreachable code can be executed, works exactly as you want, etc. Undefined behavior allows the compiler to generate arbitrary code for instance it can freely remove code that has undefined behavior.

Examples of what may generate undefined behavior are listed below:

  • Dead pointers
  • Division by zero
  • Integer overflows
  • Invalid bit shift operands
  • Invalid conversions
  • Invalid usage of STL
  • Memory management
  • Null pointer dereferences
  • Out of bounds checking
  • Uninitialized variables
  • Writing const data

Contact us

Have any questions? Please contact us through the form below and we will get back to you asap!