【工具软件】静态代码分析工具

目录

Infer

Cppcheck

FindBugs™

PMD

Clang Static Analyzer

Checkstyle

Pylint

OCLint

ESlint

Pinpoint

---

 

Infer

Infer 是 Facebook 开源的静态程序分析工具，用于在发布移动应用之前对代码进行分析，找出潜在的问题。目前 Facebook 使用该工具来分析 Facebook 的 App，包括 Android 、iOS、Facebook Messenger 和 Instagram 等等。

 

Cppcheck

http://cppcheck.sourceforge.net/

Cppcheck is a static analysis tool for C/C++ code. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs. The goal is to have very few false positives. Cppcheck is designed to be able to analyze your C/C++ code even if it has non-standard syntax (common in embedded projects).

 

FindBugs™

Find Bugs in Java Programs

 

PMD

PMD是一款静态代码分析工具，它能够自动检测各种潜在缺陷以及不安全或未优化的代码。

PMD更多地是集中在预先检测缺陷上，它提供了高度可配置的丰富规则集，用户可以方便配置对待特定项目使用那些规则。

安装及使用：

1.在Eclipse中 安装 PMD插件运行方式

 

Clang Static Analyzer

https://clang-analyzer.llvm.org/

The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.

Currently it can be run either from the command line or if you use macOS then within Xcode. When invoked from the command line, it is intended to be run in tandem with a build of a codebase.

The analyzer is 100% open source and is part of the Clang project. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.

 

 

Checkstyle

https://checkstyle.sourceforge.io/

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

 

Pylint

https://www.pylint.org/

 

OCLint

OCLint is a static code analysis tool for improving quality and reducing defects by inspecting C, C++ and Objective-C code and looking for potential problems like:

• Possible bugs - empty if/else/try/catch/finally statements
• Unused code - unused local variables and parameters
• Complicated code - high cyclomatic complexity, NPath complexity and high NCSS
• Redundant code - redundant if statement and useless parentheses
• Code smells - long method and long parameter list
• Bad practices - inverted logic and parameter reassignment

 

ESlint

https://eslint.org/

Find and fix problems in your JavaScript code

 

 

Pinpoint

Pinpoint 是用 Java 编写的 APM（应用性能管理）工具，用于大规模分布式系统。在 Dapper 之后，Pinpoint 提供了一个解决方案，以帮助分析系统的总体结构以及分布式应用程序的组件之间是如何进行数据互联的。

• 安装agent是无侵入式的

• 对性能的影响最小（只增加约3％资源利用率）