What open source C++ static analysis tools are available?

 

Java has some very good open source static analysis tools such as FindBugs, Checkstyle and PMD. Those tools are easy to use, very helpful, runs on multiple operating systems and free.

Commercial C++ static analysis products are available from vendors Klocwork, Gimpel and Coverity. Also there is less-known PVS-Studio analyzer. Although having such products are great, the cost is just way too much for students and it is usually rather hard to get trial version.

The alternative is to find open source C++ static analysis tools that will run on multiple platforms (Windows and Unix). By using an open source tool, it could be modified to fit certain needs. Finding the tools has not been easy task.

Below is a short list of C++ static analysis tools that were found or suggested by others.

  • C++ Check http://sf.net/projects/cppcheck/
  • Oink http://danielwilkerson.com/oink/index.html
  • C and C++ Code Counter http://sourceforge.net/projects/cccc/
  • Splint (from answers)
  • Mozilla's Pork (from answers) (This is now part of Oink)
  • Mozilla's Dehydra (from answers)
  • Use option -Weffc++ for GNU g++ (from answers)

    • What are some other portable open source C++ static analysis tools that anyone knows of and can be recommended?

    Some related links.

  • C++ static code analysis tool on Windows
  • http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
  • http://www.chris-lott.org/resources/cmetrics/
  • A free tool to check C/C++ source code against a set of coding standards?
  • http://spinroot.com/static/
  • Choosing a static code analysis tool

    • Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.

    See: http://danielwilkerson.com/oink/index.html

    CppCheck is open source and cross-platform.

    Mac OSX: 

    brew install cppcheck

    Concerning the GNU compiler, gcc has already a builtin option that enables additional warning to those of -Wall. The option is -Weffc++ and it's about the violations of some guidelines of Scott Meyers published in his books "Effective and More Effective C++".

    In particular the option detects the following items:

  • Define a copy constructor and an assignment operator for classes with dynamically allocated memory.
  • Prefer initialization to assignment in constructors.
  • Make destructors virtual in base classes.
  • Have "operator=" return a reference to *this.
  • Don't try to return a reference when you must return an object.
  • Distinguish between prefix and postfix forms of increment and decrement operators.
  • Never overload "&&", "||", or ",".
    • 链接地址: http://www.djcxy.com/p/40248.html

    上一篇: 作为程序员开发

    下一篇: 什么开源C ++静态分析工具可用?