Static Code Analysis Tools
-
We are currently evaluating several static code analysis tools for C++ & C#, namely Coverity, Klocwork and Parasoft. Does anyone have experience with any of these?
-
I've played with klockwork, but all the springs went "boing" and I lost a couple of cogs... :sigh:
The universe is composed of electrons, neutrons, protons and......morons. (ThePhantomUpvoter)
-
The firm I work for uses Coverity at some sites, but not at others - e.g. the UK office I'm based at. I know Coverity (in particular) and Klocwork are good, but are massively expensive - typically 6 figures for us, annually, because of the annual licensing arrangements (the analysis work is done by (remote) servers and cost is roughly proportional to codebase size). At our UK site and in some of our other sites we use Gimpel Software's PC Lint, which I love, and which is much, much less expensive and is a one-time, low-cost option that enables every developer to analyse on their local machine.
Mike
-
Over the last few years we've used a variety of analysis tools for C/C++ and C#, including TICS (C++/C#), FxCop (C#), PC-lint (C/C++), Vera++ (C++), CppCheck (C++) and cpplint (C++). Of those, the one we use on a day to day basis with our C++ code (which is the vast majority of our codebase) is PC-lint. It's a hell of a lot less expensive (and has no yearly subscriptions) than Klocwork, Coverity or Parasoft, and is very good at catching the sort of nasties and inconsistencies that programmers typically inadvertently write into the code. It is however rather tricky to configure (the flip side is that it's almost infinitely configurable) - which is why I started writing Visual Lint back in 2004. We've got versions of Visual Lint that run both centrally on the build server as well as interactively on the desktop, with plug-ins for Visual Studio and Eclipse as well as a standalone GUI client. The product documentation should give you a good idea of how it all works together, but feel free to drop me a line if you need more info or something in there isn't clear.
Anna :rose: Tech Blog | Visual Lint "Why would anyone prefer to wield a weapon that takes both hands at once, when they could use a lighter (and obviously superior) weapon that allows you to wield multiple ones at a time, and thus supports multi-paradigm carnage?"
-
I worked with Parasoft on our projects written in C. Before using it you should have a rule set according to your coding standard. It has some predefined sets though (i.e. MISRA), but you can also add/modify rules. You should be well aware of the language syntax. I find that tool very useful. We found some potential bugs before the test phase, which saved us many defect and change requests :cool:
-
Cppcheck, it's OSS, good at C and C++ (even C++11), and it gets better every 2-3 months (see their roadmap). BTW: the team is very reactive to well-formed bug reports! :)
-
Cppcheck is good for C++, but not great and missed some critical errors caught by PVS-Studio (which is very nice, but still C++ only.) It also generated more noise and a series of baffling false positives in one set of code. ReSharper picks up some C# errors, but also seems to fall short for me.
-
Try also PVS-Studio Static Code Analyzer for C/C++/C++11. Examples of use: http://www.viva64.com/en/examples/
-
I have; I really liked it.