Choosing a static code analysis tool [closed]

Tags: c, unix, testing

I'm working on a project where I'm coding in C in a UNIX environment. I've been using the lint tool to check my source code. Lint has been around a long time (since 1979); can anyone suggest a more recent code analysis tool I could use? Preferably a tool that is free.

David asked Aug 05 '08 21:08


1 Answer

Don't overlook the compiler itself. Read the compiler's documentation and find all the warnings and errors it can provide, and then enable as many as make sense for you.

Also make sure to tell your compiler to treat warnings like errors so you're forced to fix them right away (-Werror on gcc). By the way, don't be fooled: -Wall on gcc does not enable all warnings.

You may want to check valgrind (free!) — it "automatically detect[s] many memory management and threading bugs, and profile[s] your programs in detail." It isn't a static checker, but it's a great tool!

svec answered Sep 21 '22 20:09
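As an added illustration of the point that -Wall does not enable every gcc warning (this example is not from the question or the answer above), the following C file contains a shadowed variable that turns an authorization check into "allow everyone". The function names, the uid/token inputs and the recording helper are constructed for the demo. `gcc -std=c99 -Wall -Wextra shadow_demo.c` compiles it silently; adding `-Wshadow` (a real gcc flag that neither -Wall nor -Wextra turns on) reports the shadowed declaration, and with `-Werror` the build fails until the bug is fixed:

```c
/* Added example (not the page's own code): a variable-shadowing bug that
 * -Wall misses and -Wshadow catches. Compile with
 *   gcc -std=c99 -Wall -Wextra shadow_demo.c            (silent)
 *   gcc -std=c99 -Wall -Wextra -Wshadow -Werror shadow_demo.c  (build fails) */
#include <stdio.h>

/* Records the last decision taken. It exists only so the inner variable is
 * actually used and -Wall's -Wunused-variable stays quiet, as in real code. */
static int g_last_decision = -1;
static void record_decision(int allowed) { g_last_decision = allowed; }
static int last_decision(void) { return g_last_decision; }

/* Buggy version: `int allowed = 0;` inside the if-block declares a NEW
 * variable that shadows the outer one. The outer `allowed` is never cleared,
 * so every caller, token or not, is allowed. */
static int is_allowed_buggy(int uid, int has_token) {
    int allowed = 1;                 /* optimistic default (constructed demo) */
    if (uid != 0 && !has_token) {
        int allowed = 0;             /* BUG: shadows the outer `allowed` */
        record_decision(allowed);
    }
    return allowed;                  /* always 1 */
}

/* Fixed version: assign to the existing variable instead of redeclaring it. */
static int is_allowed_fixed(int uid, int has_token) {
    int allowed = 1;
    if (uid != 0 && !has_token) {
        allowed = 0;                 /* clears the outer variable */
        record_decision(allowed);
    }
    return allowed;
}

int main(void) {
    /* Constructed sample inputs: uid 1000 without a token must be denied. */
    printf("buggy: uid=1000 token=0 -> allowed=%d\n", is_allowed_buggy(1000, 0));
    printf("fixed: uid=1000 token=0 -> allowed=%d\n", is_allowed_fixed(1000, 0));
    printf("fixed: uid=0    token=0 -> allowed=%d\n", is_allowed_fixed(0, 0));
    printf("last recorded decision: %d\n", last_decision());
    return 0;
}
```

The same file also shows why -Werror matters in practice: once -Wshadow is on, the shadowing cannot slip into a build that "only" printed a warning nobody read.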