The Eclipse CODAN (Code Analysis) plugin is part of CDT and is a powerful static analysis tool finding all kind of possible bugs and issues. Still to my surprise not many C/C++ developers take advantage of it maybe because they are not aware that it exists?
In this article I show a few tips how to effectively use it, especially with the NXP MCUXpresso SDK.
In this article I show how to use the CODAN feature in Eclipse using the NXP MCUXpresso IDE 11.2.1 and the NXP MCUXpresso SDK as example, but it applies to any other recent Eclipse distribution.
I show you how to use it and how to configure it. Because my mantra is to have warning free source code, I share my setting and tweaks how to reach this for example with the NXP MCUXpresso SDK.
For an actual example of CODAN finding a bug, see SDK I2C driver bug – NXP Community.
To run the static analysis, use the context menu on the project:
Running this might report a lot of errors and warnings because it might catch a lot of things which might be OK for your project. But you can configure the level of checking, either on a global (workspace) or local (project) level.
The global settings are under Window > Preferences > C/C++ > Code Analysis:
I recommend using project specific settings:
A confusing part is that the global settings seem to be OR’ed with the workspace ones? This is why I have the global settings with all items unchecked:
In the project settings I do have the following items disabled, because I do consider them as OK for my projects:
- Coding Style
- Line Comments
- Multiple Variable declaration
- Return with parenthesis
Issues are reported in ‘Problems’ view as well in the source editor view:
Clicking on the issue shows an explanation of the issue:
This adds a comment to the source requesting CODAN to ignore it:
Here is another example:
💡 Instead of using the ‘suppress’ menu I can simply write or paste that comment too.
It is possible to exclude files and folders for each rule: Below a check is excluded from multiple folders:
There are a few things to tweak the NXP MCUXpresso SDK to work with CODAN. First several of the header files provided by NXP lack the proper copyright information to be recognized by CODAN (see example above): these I do suppress as shown above.
Because CODAN analyses all source files in a project, this can cause issues if unused headers are present int he project. For example the NXP SDK includes in the CMSIS folder several header files which are for different compilers: they are not needed so I have them removed:
The other thing is that because RedLib (a custom library from NXP) does not fully follow the standard, CODAN reports several possible issues, including missing proper includes. I do recommend not using RedLib and using NewLib-nano instead:
The SDK startup code is not ‘clean’ as it has several forward extern declarations which are not used:
I usually fix them with deleting the not needed declaration in the source file.
Disable Files and Folders with Resource Filter
If you are using a source library and do not want to change it for CODAN, it is possible to disable files and folders for CODAN.
To disable analysis for a specific folder is different from excluding it for a build: Code Analysis works through the Eclipse Indexer, so I have to change the settings using the Resource Filter:
- Select the folder to be excluded
- Use the Properties context menu on that folder
- Go to Resource > Resource Filter and add a new filter
- Use the following settings:
- Exclude all
- Files and Folders
- Name matches *
If only some files shall be excluded: use a matching name filter.
This now excludes the files in that folder. Depending on your workspace Indexer settings, trigger an Index rebuild: context menu on the project and do an Index > Rebuild.
With this it should be possible a CODAN error and warning free build.
Static code analysis is very useful to catch possible bugs early in the development cycle. Eclipse CDT includes CODAN (Code Analysis) which does a good job. It might not be comparable to expensive commercial tools, but it is very worth to use it, especially because it is easy to use and free :-). If you want to use something else (free of charge) in addition to it, a look at CppCheck too.
Happy analyzing 🙂