Do you know any good static code analysis tools for c/c++?
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
Stefan Bogdan wrote:
Trying to keep the bug count as low as possible ...
Me too. I stopped counting.
Stefan Bogdan wrote:
... i thought i'd use a tool that performs static code analysis on my c/c++ projects.
Isn't that called a compiler?
Stefan Bogdan wrote:
I already use one that performs runtime verifications and analysis
I thought that's what users are for. :doh: ;P
CQ de W5ALT
Walt Fair, Jr., P. E. Comport Computing Specializing in Technical Engineering Software
-
I use a handy garbage recepticle for code analysis. :) Seriously though, I think there's a free tool that calculates the complexity of your code, and things like that, but I dont remember the name of it.
.45 ACP - because shooting twice is just silly
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997
-----
"The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001SourceMonitor[^] :)
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
modified on Friday, June 4, 2010 2:39 PM
-
PC Lint[^] It is also worth to look at: Visual Lint[^]
Thanks for the plug! We now owe you :beer: if ever you're down our way. ;) FWIW we've Eclipse/CDT (initially for Windows, Linux in time hopefully) and command line (for build server use) versions of Visual Lint on the way. We had the Eclipse plug-in on our stand at ACCU this year, and it seemed to get quite a bit of interest. Once they are out of the way the plan is to look at adding support for other analysis tools (we already have a derived product for the Tiobe TICS framework[^]) and possibly a plug-in for Borland/Codegear C++.
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
I'll declare an interest here as I'm responsible for Visual Lint[^] (a PC-lint integration plug-in for Visual Studio). :-\ If you decide to go with PC-lint, feel free to drop me a line and I'll do what I can to assist you in setting it up. SourceMonitor[^] is also worth knowing about - it's a metrics tool rather than a static analysis tool, but in our experience examining the cyclomatic complexity metrics of a project can yield a lot of intelligence about where the trouble spots are likely to be. Comparing the average complexity of your entire codebase between builds is also a great way of determining whether your code is getting better (lower complexity) or worse (higher complexity).
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
I'll declare an interest here as I'm responsible for Visual Lint[^] (a PC-lint integration plug-in for Visual Studio). :-\ If you decide to go with PC-lint, feel free to drop me a line and I'll do what I can to assist you in setting it up. SourceMonitor[^] is also worth knowing about - it's a metrics tool rather than a static analysis tool, but in our experience examining the cyclomatic complexity metrics of a project can yield a lot of intelligence about where the trouble spots are likely to be. Comparing the average complexity of your entire codebase between builds is also a great way of determining whether your code is getting better (lower complexity) or worse (higher complexity).
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
I came across PC-Lint myself a few days ago... Now that it has been recommended to me by 2 out of 4 people that replied to my message i have to say i'm getting quite interested. The only problem is PC-Lint does not offer a trial version... It would be nice if I could give it a try for a few days...
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
Let me also endorse PC Lint. Incredibly good value compared to most of the very expensive static code analysis tools out there. (PC-Lint is a few hundred pounds a seat, whereas most other tools are several thousand!). It's very full featured and enormously capable. I've been using it since Version 6 in 1993 and for me it's the most essential tool after Visual Studio itself. Riverblade's Visual Lint is a great enhancement to it that integrates it near seamlessly into Visual Studio. However there are also some free tools: Cppcheck: http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page[^] Splint (C only): http://www.splint.org/[^] and on high end versions of Visual Studio (from 2005 onwards). There's the /analyze switch Which runs a static analysis (ish) level of checking in Visual Studio - but it's not nearly as capable as the independant tools. In summary: If you can afford to spend, I'd recommend going with PC-Lint (and Visual Lint, if you've a bit more money too). Mike
-
Thanks for the plug! We now owe you :beer: if ever you're down our way. ;) FWIW we've Eclipse/CDT (initially for Windows, Linux in time hopefully) and command line (for build server use) versions of Visual Lint on the way. We had the Eclipse plug-in on our stand at ACCU this year, and it seemed to get quite a bit of interest. Once they are out of the way the plan is to look at adding support for other analysis tools (we already have a derived product for the Tiobe TICS framework[^]) and possibly a plug-in for Borland/Codegear C++.
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
Write a Visual Lint plugin for Qt Creator next. I'd test it for you. :)
-
I came across PC-Lint myself a few days ago... Now that it has been recommended to me by 2 out of 4 people that replied to my message i have to say i'm getting quite interested. The only problem is PC-Lint does not offer a trial version... It would be nice if I could give it a try for a few days...
It's true that Gimpel don't do a trial version BUT (and do check this) I believe they offer a 30 day money back guarantee if not pleased with the product. Trust me you'll be delighted. It's a great product, and they're a great firm.
-
I came across PC-Lint myself a few days ago... Now that it has been recommended to me by 2 out of 4 people that replied to my message i have to say i'm getting quite interested. The only problem is PC-Lint does not offer a trial version... It would be nice if I could give it a try for a few days...
Also, if you'd like to see PC-Lint in action, you can post excerpts of code into their online demo webpage and have it analyse them - you'll be impressed: See: (and especially the "Do It Yourself" links at the end of the web page:) http://www.gimpel-online.com/OnlineTesting.html[^] eg. http://gimpel-online.com//cgi-bin/genPage.py?srcFile=diy.cpp&cgiScript=analyseCode.py&title=Do-It-Yourself+Example+%28C%2B%2B%29&intro=This+example+allows+you+to+specify+your+own+C%2B%2B+code.&compilerOption=online32.lnt&includeOption={{quotedIncludeOption}}[^]
-
Write a Visual Lint plugin for Qt Creator next. I'd test it for you. :)
Now I just knew you were going to say that! :-\ Shame there are only 24 hours in the day. :doh:
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
I came across PC-Lint myself a few days ago... Now that it has been recommended to me by 2 out of 4 people that replied to my message i have to say i'm getting quite interested. The only problem is PC-Lint does not offer a trial version... It would be nice if I could give it a try for a few days...
That's true sadly (we'd love them to do a trial version of PC-lint, as then we could produce a combined installer for both products), but there is an interactive demonstrator[^] on Gimpel's website which lets you try it out "live" - and that goes some way towards making up for the omission.
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
Let me also endorse PC Lint. Incredibly good value compared to most of the very expensive static code analysis tools out there. (PC-Lint is a few hundred pounds a seat, whereas most other tools are several thousand!). It's very full featured and enormously capable. I've been using it since Version 6 in 1993 and for me it's the most essential tool after Visual Studio itself. Riverblade's Visual Lint is a great enhancement to it that integrates it near seamlessly into Visual Studio. However there are also some free tools: Cppcheck: http://sourceforge.net/apps/mediawiki/cppcheck/index.php?title=Main_Page[^] Splint (C only): http://www.splint.org/[^] and on high end versions of Visual Studio (from 2005 onwards). There's the /analyze switch Which runs a static analysis (ish) level of checking in Visual Studio - but it's not nearly as capable as the independant tools. In summary: If you can afford to spend, I'd recommend going with PC-Lint (and Visual Lint, if you've a bit more money too). Mike
I've not found CppCheck to be much cop, quite frankly (though maybe our code is just too clean...), but Splint is on our radar now that we're doing an Eclipse/CDT plug in (the reasoning being that Eclipse is often used for embedded development, and many embedded projects are C only). Lots to do, as ever. :)
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
It's true that Gimpel don't do a trial version BUT (and do check this) I believe they offer a 30 day money back guarantee if not pleased with the product. Trust me you'll be delighted. It's a great product, and they're a great firm.
They do. :)
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
Klocwork www.klocwork.com[^]
-
Hy all, Trying to keep the bug count as low as possible i thought i'd use a tool that performs static code analysis on my c/c++ projects. I already use one that performs runtime verifications and analysis but i have a feeling there's room for improvement. There are a lot of tools out there and i simply have a hard time choosing one. What do you recommend? It can be proprietary or not...
Understand from SCITools: http://scitools.com/download RSM from Msquared: http://msquaredtechnologies.com