Helix QAC is an excellent static analysis testing tool for C and C++ code from Perforce (formerly PRQA).
SonarQube is one of the more popular static code analysis tools out there. It is an open-source platform for continuous inspection of code quality and performs automatic reviews via static code analysis. In addition, it can detect and report bugs, code smells, and numerous security vulnerabilities.
Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives.
SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality. Sonar does static code analysis, which provides a detailed report of bugs, code smells, vulnerabilities, and code duplications.
CppCheck is open source and cross-platform.
Mac OSX:
brew install cppcheck
Concerning the GNU compiler, gcc already has a built-in option that enables warnings in addition to those of -Wall. The option is -Weffc++, and it covers violations of some of the guidelines Scott Meyers published in his books "Effective and More Effective C++".
In particular the option detects the following items:
Under development for now, but clang does C analysis and is targeted to handle C++ over time. It's part of the LLVM project.
Update: While the landing page says "The analyzer is a continuous work-in-progress", it is nevertheless now documented as a static analyzer for both C and C++.
Question: How can I run GCC/Clang for static analysis? (warnings only)
Compiler option: -fsyntax-only
Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.
See: http://danielwilkerson.com/oink/index.html