Cppcheck

Overview

Open-source C/C++ static analyzer focused on actual bugs (undefined behavior, memory leaks, uninitialized variables, dead code) rather than style. Complements clang-tidy because it uses different analysis techniques and catches different classes of issue.

Benefits

• Free, easy to integrate into any build system
• Catches a different bug class than clang-tidy or compiler warnings
• Premium edition adds full MISRA C:2012/2023 and CERT-C coverage
• Active development with regular releases

Limitations & Risks

• Free version's MISRA coverage is partial
• Heavy templates and complex C++ can produce false positives
• Doesn't replace certified analyzers for safety-critical work

Recommended Actions

Add to CI alongside clang-tidy and compiler warnings; treat the three together as a layered defense and gate on violation delta. Upgrade to Cppcheck Premium if MISRA documentation is required.

Additional Notes

Cppcheck Premium adds certified MISRA support with commercial backing. Pairs with #20 Automated Code Review.

References & Links

• https://cppcheck.sourceforge.io/
• https://github.com/danmar/cppcheck