
cppcheck — integrate complementary bug-class analysis

Summary

cppcheck finds a complementary set of bugs to clang-tidy — particularly resource leaks, uninitialized variables, and integer overflow patterns that clang-tidy misses. Install and integrate.

Install

winget install Cppcheck.Cppcheck    # target 2.14+
cppcheck --version                  # verify

Run Command (once CI-001 provides compile_commands.json)

cppcheck `
  --project=build/compile_commands.json `
  --enable=all `
  --suppress=missingIncludeSystem `
  --suppress=unmatchedSuppression `
  --error-exitcode=1 `
  --output-file=cppcheck-report.txt `
  srchybrid/

Key Check Categories

Category      Description
error         Definite bugs (always enabled)
warning       Possible bugs or undefined behaviour
performance   Performance issues
portability   Portability issues (Win32 vs POSIX)
style         Style and best practices

Integration Strategy

  1. Run cppcheck on the full tree once and record the baseline error count.
  2. Add a CI check that fails if new errors (not in the baseline) appear.
  3. Suppress known false positives with // cppcheck-suppress inline or in a suppress.txt file.
  4. Reduce baseline count over time as real issues are fixed.
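
One way to implement the baseline check in steps 1 and 2, as an added example (not part of this issue or of cppcheck itself). It goes beyond a bare error count by comparing per-finding fingerprints, so a fix in one file cannot mask a new error in another. It assumes the report uses cppcheck's default text format (`file:line:column: severity: message [id]`); the function names and sample reports are constructed for illustration.

```python
import re
from collections import Counter

# Default cppcheck 2.x text line: file:line:column: severity: message [id]
FINDING = re.compile(r"^(?P<file>.+?):(?P<line>\d+):(?P<col>\d+): "
                     r"(?P<sev>\w+): (?P<msg>.*) \[(?P<id>\w+)\]$")

def fingerprints(report_text, severities=("error",)):
    """Count findings keyed by (file, id, message); line numbers are ignored
    so unrelated edits that shift code do not look like new findings."""
    found = Counter()
    for raw in report_text.splitlines():
        m = FINDING.match(raw.strip())
        if m and m["sev"] in severities:
            path = m["file"].replace("\\", "/")  # same key on Windows and POSIX
            found[(path, m["id"], m["msg"])] += 1
    return found

def new_findings(baseline_text, current_text, severities=("error",)):
    """Findings in the current report beyond what the baseline allows."""
    extra = (fingerprints(current_text, severities)
             - fingerprints(baseline_text, severities))
    return sorted(extra.elements())

# Constructed sample reports (file names and messages are made up).
BASELINE = """\
srchybrid\\Foo.cpp:120:9: error: Memory leak: buf [memleak]
    return false;
        ^
srchybrid\\Bar.cpp:44:5: style: Variable 'n' is assigned a value that is never used. [unreadVariable]
"""
CURRENT = """\
srchybrid/Foo.cpp:131:9: error: Memory leak: buf [memleak]
srchybrid/Foo.cpp:210:9: error: Memory leak: buf [memleak]
srchybrid/Baz.cpp:17:12: error: Uninitialized variable: len [uninitvar]
srchybrid/Bar.cpp:44:5: style: Variable 'n' is assigned a value that is never used. [unreadVariable]
"""

if __name__ == "__main__":
    import sys
    fresh = new_findings(BASELINE, CURRENT)
    for path, check_id, msg in fresh:
        print(f"NEW {path}: {msg} [{check_id}]")
    sys.exit(1 if fresh else 0)  # non-zero exit fails the CI job
```

In CI, the two strings would be replaced by the committed baseline report and the freshly generated `cppcheck-report.txt`.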

Acceptance Criteria

  • [ ] cppcheck installed at 2.14+
  • [ ] CI script runs cppcheck on changed files
  • [ ] Baseline error count documented
  • [ ] No regressions (new errors) introduced by new PRs

Prerequisite

CI-001 (compile_commands.json for --project flag)