
C/C++

Analysis focuses on memory safety, security robustness, portability, and performance characteristics of C and C++ codebases.

Key Features

  • CPPCheck integration (static diagnostics)
  • Memory safety checks (lifetime, pointer misuse)
  • Security vulnerability pattern detection
  • Performance & efficiency heuristics

Supported Standards & Guidelines

  • C11, C17, C23
  • C++11, C++14, C++17, C++20, C++23
  • MISRA C and C++ (selected rule coverage)
  • CERT C/C++ recommendations

Analysis Domains

Memory Safety

  • Buffer overflow detection
  • Leak identification
  • Use‑after‑free pattern detection
  • Double‑free prevention
  • Null pointer dereference checks

Security

Performance

  • Algorithmic complexity hints
  • Cache locality observations
  • Memory alignment considerations
  • Potential SIMD/vectorization opportunities

Tooling Integration

  • Install CPPCheck
  • Clang‑Tidy (configurable checks)
  • Pluggable static analyzer extensions

Unit Testing Support

Best Practices

  • Adopt modern standards (C++17/C++20) for improved safety features.
  • Enforce bounds checking on critical buffer operations.
  • Regularly audit suppression lists for security rules.
  • Use sanitizers (ASan/UBSan) in CI for deeper runtime checks.
