CppCon, The C++ Conference 2024 - Daniel Marjamäki: "Building Cppcheck - What We Learned from 17 Years of Development" youtu.be/ztyhiMhvrqA

Cppcheck has been evolving for 17 years, guided by a clear philosophy: minimal false positives and ease of use. This presentation will share the insights we've gained during its development. Our approach to easy configuration is a double-edged sword, providing user-friendly setup while occasionally leading to lower recall. We maintain a strict definition of false positives, ensuring the tool does not warn about well-written, functional code. This principle, while challenging, drives us to fix rather than suppress false positives. A core philosophy of Cppcheck is to learn from mistakes. When an issue is identified, we strive to implement checkers to prevent similar mistakes in the future. The open-source community plays a crucial role in Cppcheck's evolution. We collaborate to enhance the tool, scanning large codebases like Debian's source code to identify inconsistent or dangerous code and measure false positives. We also explore how abstractions, compiler annotations, and contracts can improve SCA tools' precision and performance. This talk will provide a comprehensive look at the lessons learned and the continuous improvement of Cppcheck.

---

Daniel Marjamäki is a software engineer from Sweden and the author of Cppcheck, a static analysis tool for C/C++ code. He created Cppcheck to help developers find bugs and improve code quality. Thanks to his work, Cppcheck has become a widely used tool in the programming community. Marjamäki is known for his contributions to improving software development practices.