Static Analysis code required for C++
-
I actually want some kind of tool for static analysis of the code, like Checkstyle in Java. What I mean by static analysis is, it tells you the coding style errors, unused variable and function names.
[ Screen Capture ][ Tool Tip ][ Multiple Desktops ][ Greeting Card ]
-
I went through that and went through the websites of a few tools; however, I didn't find what I am looking for. I downloaded and configured cppcheck; however, it doesn't show any style report (if braces are placed wrong, or that kind of error).
-
I did a very lengthy evaluation of static analysis tools at my last job. In summary, cppcheck is pretty good and since it's free, why not. Of the paid tools, PVS-Studio was one of the best and very reasonably priced (not any more!) and rather expensive, but not as much as other tools (Unfortunately, instead of just listing a price, they play games with you, which means I really can't recommend them anymore--any company too chickenshit to put up plain prices doesn't deserve my business.) Of the super-expensive tools, the best, by a huge margin, was Coverity. It found almost all of the known issues, several critical issues none of the other tools found and almost three dozen minor issues. They are expensive, but worlds better than Klocwork and Parasoft. Parasoft was pretty bad--their analysis tool did better than Klocwork, but missed several issues cppcheck caught and missed several known critical errors. Their product is excruciatingly slow and Parasoft's other tools were a disaster--several wouldn't even run. Klocwork was very buggy, missed several known bugs and their support was offensively useless (the evaluation went so badly that we terminated it early.) One thing I concluded is that Parasoft and Klocwork specialize in selling to companies which must comply with weird rules for government work (for which there are hundreds of rules, like how switch statements must operate.) They do well at that, but not so well in finding actual bugs. (Riverblade Software which makes Visual Lint, a tool which helps you deal with PC-Lint and Cppcheck--I don't much like it, but you may.)
-
Interesting you mentioned Parasoft: a couple of years ago (at a time when it was still relatively cheap) I chose it over lots of others based on a comparison report (which I unfortunately cannot locate any more). Back then it was indicated to be one of the best tools available for the Windows platform (the best affordable one at least), and indeed we got very good results. That said, like what you stated about PVS, they don't openly state their prices, and now they're much more expensive than they used to be. Unfortunately this seems to be common practice for software tool makers nowadays X| Good thing there is open source! But still a pain when you really need to find the best tool for the job and end up wasting hours with inquiries only to find out the price tags are way beyond sanity! Note however that Parasoft does instrument code for runtime analysis too, and we could uncover a number of very nasty memory leaks and bugs that we wouldn't have found in years without a tool, and not at all with static analysis alone! It's true they're not really great at static analysis, but that was never our main concern to start with!
GOTOs are a bit like wire coat hangers: they tend to breed in the darkness, such that where there once were few, eventually there are many, and the program's architecture collapses beneath them. (Fran Poretto)
-
Re: Parasoft runtime analysis. This is one of the modules that failed during our evaluation. I can see how it used to be good, but it hasn't kept up with BoundsChecker. When I finally did get the runtime analysis to work, it presented two false positives! One thing that really struck me during the evaluations is how poorly much of the software was written, especially for such expensive products. The number of obvious UI bugs in Klocwork was astounding (like toolbar buttons simply not working.) Klocwork and Parasoft both failed during installation! This is software which costs hundreds of thousands of dollars and the installer doesn't even work!