Make your Visual C++ experience much better

Visual C++  is one of the most used C++ IDE which provides many interesting features to developers, each new version brings new major features and many extensions are available to add more nice features to it.

In this post I will talk about some useful features provided by CppDepend.

CppDepend provides many useful metrics concerning the implementation and the design of your code base, but what’s more interesting is its code query language (CQLinq) to query the code base like a database. Therefore, you can easily create your custom rules. However, it will take you sometimes to master all its capabilities. It’s not very easy to understand all its features in the beginning you must be patient 🙂

Visualize your code base

Dependency Graph:

The dependency graph is the most common used graph to represent the dependencies between code elements, Visual Studio provides an interesting one. And the Graph provided by CppDepend is more oriented code quality, indeed the box size as the Edge thikness could be proportionel to one of many metrics available.

vs3

Dependency Matrix

The DSM (Dependency Structure Matrix) is a compact way to represent and navigate across dependencies between components. DSM is used to represent the same information than a graph but it’s more practical if :

  • Many code elements are involved.
  • You need to discover the dependency weight between elements.
  • Discover easily dependency cycles between code elements.

vs1

Treemap

In the Metric View, the code base is represented through a Treemap. Treemapping is a method for displaying tree-structured data by using nested rectangles. The tree structure used  is the usual code hierarchy:

  • C/C++ projects contain namespaces,
  • Namespaces contain types,
  • Types contains methods and fields.

The rectangle size is proportionel to the metric you choose, by default it’s the NbLinesOfCode. And the Metric View can display a second metric by coloring the treemap elements. Hence two code metrics can be displayed at once.

For example in this treemap the rectangle size correspond to the lines of code and the color to the cyclomatic complexity, you can visually detect where are the most complex method and the most big ones.

vs2

Metrics Info

Many metrics are available for projects, namespaces, classes, methods and fields. the info view report some of these metrics which is very helpful to check in dev the quality of our implementations.

vs8

Define Rules

CQLinq is maybe the most powerful feature provided by CppDepend, we can easily define some advanced queries to search for a specific code elements. The CQLinq editor has many nice features to help us create our custom rules and the result is calculated in real time.

vs5

Get diagnostics

With CppDepend you can get easilly all Clang, Cppcheck and Vera++ issues. You can plug other tools using the API.

vs9

Trend Charts

Trend chart is a useful feature to explore the evolution of a metric after some code changes, Many charts are provided by default and you can create easilly your own charts.

vs6

Advanced Search

Some times it’s useful to search methods by their code size, cyclomatic complexity, comment percent, coupling,…

The CppDepend provides this  features and you can search for code elements using many metrics.

vs7

Conclusion

CppDepend could help you understand better your code base and detect some impelmentation and design flaws. However, as mentioned before its feature richness makes it not easily accessible after a first use, you have to spent some hours to master some of its capabilities.

Why you should really care about C/C++ static analysis

Many resources discuss the benefits of using the static analysis tools, and how they could help you  improve your code base.  Somehow they show you what you could gain after using them. But did you asked yourself what do you lose if you don’t use them?

Let’s take an example of a memory corruption due to  free of a pointer twice, this cause random crash. It could take few hours or maybe many days to find this kind of issue. Many similar risky problems exist in C/C++ specially concerning memory corruption.  Just one problem could cost few dollars or many thousands of dollars.

The impact of an issue depends also on the nature of the program, Indeed a problem in an embedded application of a machine does not have the same impact as a crash in a paint application.Sometimes one problem  could cost many million of dollars or even many billions of dollars, like the case of Ariane 5  where a bug costs $7 billion.

What do  you lose if you use a static analysis tool?

Let’s take as example cppcheck, which is primarily detects the types of bugs that the compilers normally do not detect. Many interesting errors are reported by this tool.

You need less than one minute to download it, maybe 20 minutes to configure it, the analysis takes a few minutes to many hours, but in this time you are free to do other tasks. After the analysis you could have thousands of potential issues, in the beginning you could focus only on priority errors.

Finally for free static analysis tools, you lose only 30 min to have a list of potential issues that could cost you many thousand of dollars.

For commercial tools you lose more than time, you have to pay it. Therefore, you lose also money. Let’s suppose that you purchase a tool with 1000$ and it helps you  find a problem that needs two or  three days for a developer to find it.

Three days of a C/C++ developer could cost more than 1000$, it depends of course where the company is. But if you take into account the hidden cost of one issue, you will be surprised how many a simple issue could cost to the company. Many stories exist on the web talking about the cost of simple issues.

These last two years I was interested to static analysis tools and what they could report as issues? here are some tools I used:

CppCheck (Free):  Many checks are provided by CppCheck, here are some of the checks available:

  • Out of bounds checking
  • Checking exception safety
  • Memory leaks checking
  • Warn if obsolete functions are used
  • Check for invalid usage of STL
  • Check for uninitialized variables and unused functions

Clang(Free): Clang is a C/C++ compiler, its diagnostics are very interesting, you could be surprised by the relevant issues reported, it could concern:

  • Deprecated usage
  • Cast problems
  • Intialisation problems
  • OpenMP issues and more.

Vera++(Free): It’s more useful if you are interested in checking the style of your code base, here you find the Vera++ rules.

CppDepend (Commercial):  This tool provides many useful metrics concerning the implementation and the design of your code base, but what’s more interesting is its code query language (CQLinq) to query the code base like a database. Therefore, you can easily create your custom rules. However, it will take you sometimes to master all its capabilities.

PVS Studio (Commercial): This tool can detect a wide range of various bugs. It’s maybe the best to detect the 64-Bit Portability Issues.  the warnings reported are very precise. However, you could have many false positive issues.

Many other static analysis tools exist, some of them are easily accessible to test, for others you have to contact their companies and ask for a trial version.

If you could just lose 30 min and use cppcheck, be sure that you will not waste your time.