Cppcheck project raises funds to implement improvements


The developer of Cppcheck (Daniel Marjamäki) is going to add the ability to verify software in C and C++ to his static analyzer.

Software verification in Cppcheck

In "verify" mode, Cppcheck will issue a warning whenever it fails to verify that the code is secure. This can lead to noise (multiple warnings).

Implementation plans

Verification mode will be implemented in stages. In the first stage, work will concentrate on the "divide by zero" check, which is relatively simple. Each function will be checked separately, on the assumption that all of its input data can have an arbitrary value. Checks for other types of undefined behavior will be added later. There are also plans to improve the parsing of C and C++.
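The per-function assumption described above can be seen in a small C example. It is added here for illustration and is not code from Cppcheck or from the original article; all function names are hypothetical, and unsigned types are used so that a zero divisor is the only undefined case.

```c
#include <stddef.h>

/* Analysed on its own, `count` can be any value, 0 included, so the
   divisor cannot be proven nonzero: a verifier that checks each
   function separately has to warn here. */
unsigned average_unchecked(unsigned sum, unsigned count)
{
    return sum / count;
}

/* The zero case is rejected inside the function, so the divisor is
   provably nonzero on the only path that reaches the division. */
int average_checked(unsigned sum, unsigned count, unsigned *out)
{
    if (count == 0 || out == NULL)
        return -1;
    *out = sum / count;
    return 0;
}

/* This caller never passes 0 to average_unchecked(), so the program as
   a whole is safe, but that fact is invisible when average_unchecked()
   is checked in isolation. Warnings of this kind are the "noise". */
unsigned sum_and_average(const unsigned *values, unsigned n)
{
    unsigned sum = 0;
    if (values == NULL || n == 0)
        return 0;
    for (unsigned i = 0; i < n; i++)
        sum += values[i];
    return average_unchecked(sum, n);
}
```

Moving the guard into the function that performs the division, as in average_checked(), is what lets the property be proven without looking at callers.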

Speed up development

The purpose of the Kickstarter fundraiser is to accelerate the development of the verification mode. The plan is to add this feature anyway, but the work may take longer if funds are not raised. If funds are raised, Daniel will be able to take a leave of absence from his main job and devote his full working time to the Cppcheck project.

Project Objectives

  • Eliminate false negatives for divide-by-zero tests in Juliet and ITC.

  • Correct false positives (see BUG#9402).

  • Improve the C++ parser.

Source: linux.org.ru
