本文翻译自:What open source C++ static analysis tools are available? [closed]
Java has some very good open source static analysis tools such as FindBugs , Checkstyle and PMD . Java有一些非常好的开源静态分析工具,如FindBugs , Checkstyle和PMD 。 Those tools are easy to use, very helpful, runs on multiple operating systems and free . 这些工具易于使用,非常有用,可在多个操作系统上运行并且免费 。
Commercial C++ static analysis products are available. 可以使用商业C ++静态分析产品。 Although having such products are great, the cost is just way too much for students and it is usually rather hard to get trial version. 虽然拥有这样的产品很棒,但是学生的成本太高,而且通常很难获得试用版。
The alternative is to find open source C++ static analysis tools that will run on multiple platforms (Windows and Unix). 另一种方法是找到可在多个平台(Windows和Unix)上运行的开源C ++静态分析工具。 By using an open source tool, it could be modified to fit certain needs. 通过使用开源工具,可以对其进行修改以满足特定需求。 Finding the tools has not been easy task. 寻找工具并非易事。
Below is a short list of C++ static analysis tools that were found or suggested by others. 下面是其他人发现或建议的C ++静态分析工具的简短列表。
- C++ Check http://sf.net/projects/cppcheck/ C ++检查http://sf.net/projects/cppcheck/
- Oink http://danielwilkerson.com/oink/index.html Oink http://danielwilkerson.com/oink/index.html
- C and C++ Code Counter http://sourceforge.net/projects/cccc/ C和C ++代码计数器http://sourceforge.net/projects/cccc/
- Splint (from answers) 夹板(来自答案)
- Mozilla's Pork (from answers) (This is now part of Oink) Mozilla的猪肉(来自答案)(现在是Oink的一部分)
- Mozilla's Dehydra (from answers) Mozilla的Dehydra(来自答案)
- Use option
-Weffc++for GNU g++ (from answers) 使用选项-Weffc++for GNU g ++(来自答案)
What are some other portable open source C++ static analysis tools that anyone knows of and can be recommended? 什么是其他任何人都知道并可以推荐的便携式开源C ++静态分析工具?
Some related links. 一些相关链接。
- https://stackoverflow.com/questions/97454/c-static-code-analysis-tool-on-windows https://stackoverflow.com/questions/97454/c-static-code-analysis-tool-on-windows
- http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
- http://www.chris-lott.org/resources/cmetrics/ http://www.chris-lott.org/resources/cmetrics/
- A free tool to check C/C++ source code against a set of coding standards? 一个免费的工具,根据一组编码标准检查C / C ++源代码?
- http://spinroot.com/static/ http://spinroot.com/static/
- Choosing a static code analysis tool 选择静态代码分析工具
#1楼
参考:https://stackoom.com/question/aoE/有哪些开源C-静态分析工具-关闭
#2楼
We have been working on an Eclipse CDT plug-in called metriculator. 我们一直致力于一个名为metriculator的Eclipse CDT插件。 Its still under development but some major metrics (eg LSLOC, McCabe, EfferentCoupling) are already implemented. 它仍处于开发阶段,但已经实施了一些主要指标(例如LSLOC,McCabe,EfferentCoupling)。
See http://sinv-56013.edu.hsr.ch/redmine/projects/metricular/wiki/Documentation for more details like video demonstration and documentation. 有关视频演示和文档等更多详细信息,请参见http://sinv-56013.edu.hsr.ch/redmine/projects/metricular/wiki/Documentation 。
The latest nightly build is available for installation via update site at: http://sinv-56013.edu.hsr.ch/metriculator/updatesite-nightly/site/ 最新的夜间版本可通过更新站点安装: http : //sinv-56013.edu.hsr.ch/metriculator/updatesite-nightly/site/
Further Description 进一步说明
Metriculator statically analysis C++ source code and generates software metrics. Metriculator静态分析C ++源代码并生成软件度量。 Metrics are implemented as Codan checkers. 度量标准是作为Codan检查程序实现的。 The analysis results can be explored in a separate view. 可以在单独的视图中探索分析结果。 Each metric has configurable properties (eg a threshold for 'max lines of code per function'). 每个度量都具有可配置的属性(例如,“每个函数的最大代码行数”的阈值)。 Exceeding these threshold will report a problem and create a marker in the source code editor. 超过这些阈值将报告问题并在源代码编辑器中创建标记。
with metriculator you can: 使用公制,您可以:
- analyse C++ files / folders / projects 分析C ++文件/文件夹/项目
- define metric thresholds and enable / disable metric using Codans preference page 使用Codans首选项页面定义度量标准阈值并启用/禁用度量标准
- have problem markers in source code editors 在源代码编辑器中有问题标记
- explore metric results 探索指标结果
- export metric results as tag cloud (available as optional feature via update site) 导出指标结果作为标记云(通过更新站点作为可选功能提供)
Currently metriculator comes with the following metrics: 目前,公制者具有以下指标:
- McCabe (Cyclomatic Complexity) McCabe(Cyclomatic Complexity)
- EfferentCoupling per Type 每种类型的EfferentCoupling
- Logical Source Lines of Code 代码的逻辑源代码行
- Number of Members per Type 每种类型的成员数量
- Number of Parameters per Function 每个功能的参数数量
#3楼
Someone else mentioned -Weffc++, but that is actually one of the only GCC warnings I do not turn on by default. 其他人提到了-Weffc ++,但这实际上是我默认情况下没有打开的唯一GCC警告之一。 However, the set of warnings that I do turn on is the most important static analysis tool in my kit. 但是,我打开的警告集是我的工具包中最重要的静态分析工具。 You can see the complete list of recommended warnings . 您可以看到推荐警告的完整列表 。
In summary: 综上所述:
-pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat=2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold-style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow=5 -Wswitch-default -Wundef -Werror -Wno-unused -pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat = 2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold -style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow = 5 -Wswitch-default -Wundef -Werror -Wno-unused
Note that some of these require a new version of gcc, so you may need to eliminate them from your list if you are stuck back on 4.5 or something. 请注意,其中一些需要新版本的gcc,因此如果您再次使用4.5或其他内容,则可能需要从列表中删除它们。
#4楼
Splint seems to fill the bill for C. Splint似乎填补了C的账单。
If you didn't specify open source I'd say Gimpel Software 's PCLint is probably one of the best tools available for static code checking in C++. 如果您没有指定开源我会说Gimpel Software的PCLint可能是C ++中用于静态代码检查的最佳工具之一。 But, of course, it's not open source. 但是,当然,它不是开源的。
Mac OSX: Mac OSX:
brew install splint
#5楼
If by Open Source, you really meant "free", then Microsoft's prefast analysis is a good one. 如果通过开源,你真的意味着“免费”,那么微软的早期分析是一个很好的分析。 Windows-only ofcourse. Windows仅限课程。 It is fully integrated in Visual Studio & the compiler. 它完全集成在Visual Studio和编译器中。 eg: 例如:
cl /analyze Sample.cpp
#6楼
Mozilla的静态分析工作可能值得一看。
9251
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
