Cppcheck is a free, open source tool that does static analysis of C/C++ programs.
It is not a compiler, so make sure the syntax is correct by making sure whatever you check compiles first.
I ran the engine source through Cppcheck to check its results.
It does correctly flag many verifiable issues, though there are false positives,
and at the end of the day, the programmer knows best.
NOTE: I didn’t get the source updated locally for the latest 4.4 patches, in case some line numbers are incorrect etc (I have no need to compile the engine from source).
Obviously, I didn’t go through all 6000+ files, but here are some quick findings:
- Leaks: Did flag 23 files, most are third-party lib* projects. I didn’t verify them all, just had a quick look through some.
- ThirdParty: libs get flagged with classifications like “standard malloc/free issues”.
- BUG: Engine: ExistDestMeshDataPtr (\Source\Editor\UnrealEd\Private\Factories\ApexDestructibleAssetImport.cpp) at line 790.
- BUG: Engine: WindowsRegistry.cpp leaks Key and/or Value when returning within loop on error (lines 123, 137).
- False positive, though understandable: Discovered issue with float, though it’s part of an intended NaN check.
- \Source\Runtime\Core\Private\GenericPlatform\GenericPlatformMath.cpp and HAL stuff
- BUG: A very specific check caught several instances of if statements with the same expression on both sides of an expression, or same expression checked twice:
- (StaticMesh->LightMapCoordinateIndex >= 0) being checked twice in same if clause (function HasLightmapTextureCoordinates, StaticMeshComponent.cpp at line 1340)
- Caught else if that would never execute
- A lot if issues that got flagged were values not being initialized in the constructor list, nor in the body.
While it does call that a style issue, it seems inconsistent when some members are in the initialization list.
- Variables assigned but never found being referenced
- Style: Classes missing constructors
- Style: Tip about narrowing scope of some variables
- BUG: Weird stuff like this: SetErrorMode( SEM_NOGPFAULTERRORBOX | SEM_NOGPFAULTERRORBOX ); // same expression on both sides
- Performance: Variable getting re-assigned before first value was referenced.
- Out of bounds false positive (Cppcheck doesn’t simulate the clamping being done in the loop):
– line 4547: Array ‘V’ accessed at index 3, which is out of bounds.
– line 4534: Array ‘MaxDists’ accessed at index 3, which is out of bounds.
- BUG: Division by zero waiting to happen:
- MipCount remains 0 if Entry.AmbientCubemap is false, so it probably correctly flags that as an error in PostProcessAmbient.cpp, line 189
- BUG: Uninitialized value serialized and passed to SetReadOnly:
- NetworkFileServerConnection.cpp (bReadOnly), line 559
- Very specific detection, though I didn’t wade through the class to find what memory it referred to:
- ‘class FLightPropagationVolume’ does not have a copy constructor which is recommended since the class contains a pointer to allocated memory.
It’s still being developed (like most things, right) so be on the lookout for false-positives.
NOTE: I’m not sure how deep its knowledge goes when checking some pointers, or whether it does a blanket check on patterns like:
I found the tool got to 60% quite fast, then started to grind a bit.
Edit: I guess this serves as kind of a bug report as well.
There are a good few files to run through still, and I mostly ignored the ThirdParty code.