When comparing Clang Static Analyzer vs Cppcheck, the Slant community recommends Cppcheck for most people. In the question “What are the best open source C++ static analysis tools?” Cppcheck is ranked 1st while Clang Static Analyzer is ranked 2nd.
Pros
Pro Implemented as a Library
The Clang Static Analyzer has been implemented as a library, which makes it easy to use for analysis of any project. Simply import the library.
Pro Standalone Tool
A command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line). This works by sending the compiled files through the analyzer, and upon completion of the build the results are presented in the web browser.
Pro Static Analysis for C++, C and Objective-C projects
Supports basically all languages of the C family.
Pro Maintained by a broad community.
This project has permanent support from a broad community.
Pro Fast
Pro Updated regularly
Each update brings new checks and a step closer to zero false positives. Updates also include improvements to the algorithms and performance of the analyzer.
Pro Different output formats
Cppcheck allows the user to output the bugs found in the source in a personalized fashion. The output templates can be modified, allowing for very simple user analysis. Adjust the output to suit your preferred format, or write your own!
Cons
Con Continuous work-in-progress
There are limitations to what static analysis can do, but the Clang Static Analyzer is far from reaching that point. There will be continuous improvements and updates to the project before the analyzer can reach its full potential. The upside is that it will continually be worked on; however, it is potentially behind other paid options.
Con False Positives
Since static analysis can never be perfect, many bugs may be reported even though the code behaves correctly. The frequency of false positives can vary between different code checks.
Con Custom C++ Parser
The custom implementation of the C++ parser has at least one deficiency: it does not support template template arguments. Furthermore, it doesn't make much sense to maintain custom parsing code, which is extremely costly. Instead, one should use a more elaborate existing AST parser that is maintained by a broader community.
Con Limited ability to find Bugs
Cppcheck is not competitive with other tools like Clang Static Analyzer when it comes to finding bugs. E.g., a simple null pointer access isn't detected by Cppcheck if the pointer is a function or method return value, whereas Clang easily finds such bugs.
Con False Positives
As with any static analyzer, it is impossible to get it perfect. Each project may produce errors even though the code behaves correctly. The result will vary between code checks. All static analyzers are striving to achieve zero false positives.
Con Sole focus on bugs
Cppcheck purely checks for bugs in your code, as opposed to stylistic issues. If you wish to check for those as well, you will need to add another tool to your repertoire.