Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What open source C++ static analysis tools are available? [closed]

Tags:

c++

coding-style

static-analysis

People also ask

Which of the following is a type of C or C static code analysis tool?

Helix QAC is an excellent static analysis testing tool for C and C++ code from Perforce (formerly PRQA).

Which tool is mostly used for static code analysis?

SonarQube SonarQube is one of the more popular static code analysis tools out there. It is an open-source platform for continuous inspection of code quality and performs automatic reviews via static code analysis. In addition, it can detect and report bugs, code smells, and numerous other security vulnerabilities.

Is a static code analysis tool for the C and C++ programming languages?

Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives.

Is SonarQube static code analysis?

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. Sonar does static code analysis, which provides a detailed report of bugs, code smells, vulnerabilities, code duplications.

CppCheck is open source and cross-platform.

Mac OSX:

brew install cppcheck

Concerning the GNU compiler, gcc has already a builtin option that enables additional warning to those of -Wall. The option is -Weffc++ and it's about the violations of some guidelines of Scott Meyers published in his books "Effective and More Effective C++".

In particular the option detects the following items:

  • Define a copy constructor and an assignment operator for classes with dynamically allocated memory.
  • Prefer initialization to assignment in constructors.
  • Make destructors virtual in base classes.
  • Have "operator=" return a reference to *this.
  • Don’t try to return a reference when you must return an object.
  • Distinguish between prefix and postfix forms of increment and decrement operators.
  • Never overload "&&", "||", or ",".

Under development for now, but clang does C analysis and is targeted to handle C++ over time. It's part of the LLVM project.

Update: While the landing page says "The analyzer is a continuous work-in-progress", it is nevertheless now documented as a static analyzer for both C and C++.

Question: How can I run GCC/Clang for static analysis? (warnings only)

Compiler option: -fsyntax-only


Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.

See: http://danielwilkerson.com/oink/index.html

Related questions

How to retrieve all keys (or values) from a std::map and put them into a vector?
Purpose of Unions in C and C++
How to sum up elements of a C++ vector?
What's the rationale for null terminated strings?
C++ catching all exceptions
How to make my custom type to work with "range-based for loops"?
How do malloc() and free() work?
How do I install the OpenSSL libraries on Ubuntu?
How can I loop through a C++ map of maps?
A positive lambda: '+[]{}' - What sorcery is this? [duplicate]
How can I read and parse CSV files in C++?
How do you create a static class in C++?
Convert a String In C++ To Upper Case
How can I add reflection to a C++ application?
Random float number generation
Can C++ code be valid in both C++03 and C++11 but do different things?
C++ Erase vector element by value rather than by position? [duplicate]
Can we have functions inside functions in C++?
Why does NaN - NaN == 0.0 with the Intel C++ Compiler?
Why are unnamed namespaces used and what are their benefits?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!