
What open source C++ static analysis tools are available? [closed]


CppCheck is open source and cross-platform.

Mac OSX:

brew install cppcheck

Concerning the GNU compiler, gcc already has a builtin option that enables warnings in addition to those of -Wall. The option is -Weffc++ and it's about violations of some guidelines of Scott Meyers published in his books "Effective and More Effective C++".

In particular the option detects the following items:

  • Define a copy constructor and an assignment operator for classes with dynamically allocated memory.
  • Prefer initialization to assignment in constructors.
  • Make destructors virtual in base classes.
  • Have "operator=" return a reference to *this.
  • Don’t try to return a reference when you must return an object.
  • Distinguish between prefix and postfix forms of increment and decrement operators.
  • Never overload "&&", "||", or ",".
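To illustrate two of the items in the list above, here is an added example (not part of the original answer or of GCC's documentation): a class that -Weffc++ reports on, next to a version that follows the guidelines. The class and function names are hypothetical.

```cpp
// Added illustration; check with: g++ -std=c++11 -Weffc++ -fsyntax-only example.cpp
#include <cstddef>
#include <cstring>

// Reported by -Weffc++: pointer member without a declared copy constructor or
// operator=, and members assigned in the constructor body, not initialized.
class RawBuffer {
public:
    explicit RawBuffer(std::size_t n) { size_ = n; data_ = new char[n](); }
    ~RawBuffer() { delete[] data_; }
private:
    std::size_t size_;
    char *data_;
};

// Follows the guidelines: initializer lists, deep copy, operator= returns *this.
class Buffer {
public:
    explicit Buffer(std::size_t n) : size_(n), data_(new char[n]()) {}
    Buffer(const Buffer &o) : size_(o.size_), data_(new char[o.size_]) {
        std::memcpy(data_, o.data_, size_);
    }
    Buffer &operator=(const Buffer &o) {
        if (this != &o) {                      // self-assignment is a no-op
            char *fresh = new char[o.size_];   // allocate before releasing
            std::memcpy(fresh, o.data_, o.size_);
            delete[] data_;
            data_ = fresh;
            size_ = o.size_;
        }
        return *this;
    }
    ~Buffer() { delete[] data_; }
    char &at(std::size_t i) { return data_[i]; }
    std::size_t size() const { return size_; }
private:
    std::size_t size_;
    char *data_;
};

// True when copies own separate storage and operator= yields its left operand.
bool copies_are_independent() {
    Buffer a(4), c(1);
    a.at(0) = 'x';
    Buffer b(a);            // deep copy through the copy constructor
    b.at(0) = 'y';          // must not change a
    Buffer &r = (c = a);    // operator= returns a reference to c
    return a.at(0) == 'x' && b.at(0) == 'y' && &r == &c && c.size() == 4;
}
```

Copying a `RawBuffer` with the compiler-generated members would leave two objects deleting the same array, which is the double-free that the first guideline in the list prevents.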

Under development for now, but clang does C analysis and is targeted to handle C++ over time. It's part of the LLVM project.

Update: While the landing page says "The analyzer is a continuous work-in-progress", it is nevertheless now documented as a static analyzer for both C and C++.

Question: How can I run GCC/Clang for static analysis? (warnings only)

Compiler option: -fsyntax-only


Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.

See: http://danielwilkerson.com/oink/index.html