Original source: http://stackoverflow.com/questions/141498/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
What open source C++ static analysis tools are available?
Asked by jnancheta
Java has some very good open source static analysis tools such as FindBugs, Checkstyle and PMD. Those tools are easy to use, very helpful, run on multiple operating systems and are free.
Commercial C++ static analysis products are available. Although having such products is great, the cost is just way too much for students and it is usually rather hard to get a trial version.
The alternative is to find open source C++ static analysis tools that will run on multiple platforms (Windows and Unix). By using an open source tool, it could be modified to fit certain needs. Finding the tools has not been an easy task.
Below is a short list of C++ static analysis tools that were found or suggested by others.
- C++ Check http://sf.net/projects/cppcheck/
- Oink http://danielwilkerson.com/oink/index.html
- C and C++ Code Counter http://sourceforge.net/projects/cccc/
- Splint (from answers)
- Mozilla's Pork (from answers) (This is now part of Oink)
- Mozilla's Dehydra (from answers)
- Use option -Weffc++ for GNU g++ (from answers)
What are some other portable open source C++ static analysis tools that anyone knows of and can be recommended?
Some related links.
- https://stackoverflow.com/questions/97454/c-static-code-analysis-tool-on-windows
- http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
- http://www.chris-lott.org/resources/cmetrics/
- A free tool to check C/C++ source code against a set of coding standards?
- http://spinroot.com/static/
- Choosing a static code analysis tool
Accepted answer by Don Wakefield
Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.
Answer by Soo Wei Tan
Answer by Nicola Bonelli
Concerning the GNU compiler, gcc already has a built-in option that enables additional warnings to those of -Wall. The option is -Weffc++ and it's about the violations of some guidelines of Scott Meyers published in his books "Effective and More Effective C++".
In particular the option detects the following items:
- Define a copy constructor and an assignment operator for classes with dynamically allocated memory.
- Prefer initialization to assignment in constructors.
- Make destructors virtual in base classes.
- Have "operator=" return a reference to *this.
- Don't try to return a reference when you must return an object.
- Distinguish between prefix and postfix forms of increment and decrement operators.
- Never overload "&&", "||", or ",".
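An added example (not part of the original answer) showing three of the items listed above in one class: a "before" form that breaks them and a corrected form. The class and function names are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <utility>

// "Before": breaks two items from the list. It compiles, but copying a
// RawBuffer shares data_, so both destructors delete[] the same block.
class RawBuffer {
public:
    explicit RawBuffer(std::size_t n) {
        size_ = n;               // assignment in the body, not initialization
        data_ = new char[n]();
    }
    ~RawBuffer() { delete[] data_; }
    std::size_t size() const { return size_; }
    // No copy constructor or operator= although the class owns heap memory.
private:
    std::size_t size_;
    char* data_;
};

// "After": the same class following the guidelines.
class SafeBuffer {
public:
    explicit SafeBuffer(std::size_t n) : size_(n), data_(new char[n]()) {}
    SafeBuffer(const SafeBuffer& other)
        : size_(other.size_), data_(new char[other.size_]) {
        std::memcpy(data_, other.data_, size_);  // deep copy
    }
    SafeBuffer& operator=(const SafeBuffer& other) {
        SafeBuffer tmp(other);   // copy-and-swap, safe under self-assignment
        std::swap(size_, tmp.size_);
        std::swap(data_, tmp.data_);
        return *this;            // "operator=" returns a reference to *this
    }
    ~SafeBuffer() { delete[] data_; }
    char* data() { return data_; }
    std::size_t size() const { return size_; }
private:
    std::size_t size_;
    char* data_;
};

// True when copies own storage separate from their source.
bool copies_are_independent() {
    SafeBuffer a(4), b(a), c(1);
    c = a;
    a.data()[0] = 'y';           // must not show through b or c
    return b.data()[0] == '\0' && c.data()[0] == '\0' && c.size() == 4;
}
```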
Answer by Don Wakefield
Under development for now, but clang does C analysis and is targeted to handle C++ over time. It's part of the LLVM project.
Update: While the landing page says "The analyzer is a continuous work-in-progress", it is nevertheless now documented as a static analyzer for both C and C++.
Question: How can I run GCC/Clang for static analysis? (warnings only)
Compiler option: -fsyntax-only
Answer by David Stone
Someone else mentioned -Weffc++, but that is actually one of the only GCC warnings I do not turn on by default. However, the set of warnings that I do turn on is the most important static analysis tool in my kit. You can see the complete list of recommended warnings.
In summary:
-pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat=2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold-style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow=5 -Wswitch-default -Wundef -Werror -Wno-unused
Note that some of these require a new version of gcc, so you may need to eliminate them from your list if you are stuck back on 4.5 or something.
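An added example (not part of the original answer) of a defect that two flags from the list above, -Wsign-conversion and -Wold-style-cast, point at: a signed length that slips past a bounds check, shown beside a corrected form. All function names are hypothetical.

```cpp
#include <cstddef>
#include <cstring>

// "Before": accepted silently without the flags above. With them,
// -Wsign-conversion reports the int -> size_t conversion in the memcpy call
// and -Wold-style-cast reports the C-style cast. A negative len passes the
// "len > cap" test and reaches memcpy as a very large size_t.
bool copy_unchecked(char* dst, int cap, const void* src, int len) {
    if (len > cap) return false;
    std::memcpy(dst, (const char*)src, len);
    return true;
}

// "After": sizes are unsigned end to end, so nothing is converted implicitly.
bool copy_checked(char* dst, std::size_t cap, const void* src, std::size_t len) {
    if (len > cap) return false;
    std::memcpy(dst, src, len);
    return true;
}

// Boundary for callers that hold a signed length (e.g. a read() result):
// reject negatives first, then convert explicitly.
bool copy_from_signed(char* dst, std::size_t cap, const void* src, long len) {
    if (len < 0) return false;
    return copy_checked(dst, cap, src, static_cast<std::size_t>(len));
}

// Exercises the corrected functions on constructed input.
bool checked_copy_behaves() {
    char buf[8] = {0};
    const char msg[] = "abc";                       // 4 bytes with the NUL
    bool ok = copy_from_signed(buf, sizeof buf, msg, 4) && std::strcmp(buf, "abc") == 0;
    bool neg = copy_from_signed(buf, sizeof buf, msg, -1);      // rejected
    bool big = copy_checked(buf, sizeof buf, "0123456789", 10); // too long
    return ok && !neg && !big;
}
```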
Answer by Lucas Cimon
John Carmack also mentions PVS-Studio in this interesting blog post on "Static Code Analysis".
Answer by user15071
Answer by Daniel James
Mozilla's static analysis work is probably worth a look.
Answer by Onorio Catenacci
Splint seems to fill the bill for C.
If you didn't specify open source I'd say Gimpel Software's PCLint is probably one of the best tools available for static code checking in C++. But, of course, it's not open source.
Mac OSX:
brew install splint
Answer by tmitchell
Microsoft's PREFast is also available in the Windows Driver Kit. Version 7.0 is downloadable here.
The Microsoft docs state that it should only be run against driver code but this (old) blog post lays out steps to run it. Perhaps it can be integrated into a normal build process?