tscancode, a static checking tool for C/C++ code

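    With an automatic code checking tool, mom no longer has to worry about my programs having bugs. Just kidding, but it really does get me excited. Since I started programming (not that long ago) I have only written small, feature-type pieces of code. So usually I just write it, poke at it a few times, see whether it does what it should, and if it's OK, I'm done. When a bug shows up I go back and read the code. Doing code checking + testing is one more step forward on my programming road. I strongly recommend that those of us who are just getting started give it a try.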

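    You can take a look at this blog post, "An in-depth comparison of mainstream C++ code quality scanning tools". Its author is WeTest; it is an article written by Tencent. When Tencent writes an article, it is surely to advertise, not to record or pass on knowledge for us. Let's also look at the Windows procedure: "Using TscanCode on Windows".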

Here I'll post the GitHub address where TscanCode is open-sourced: tscancode GitHub link

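A brief introduction: TscanCode is a static code checking tool jointly developed and maintained by Tencent and the TscanCode Team. "Static" means it checks the source code directly, checking its logic and syntax.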

Usage: 1) Download tscancode from GitHub. In a Linux environment, go straight to release/linux/TscanCodeV2.14.24.linux/TscanCodeV2.14.2395.linux, copy tscancode and the cfg folder to where the source code to be checked is, and run

./tscancode --xml telproxy.cpp telproxy.h 2>result.xml

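to get the check results. Be sure to copy the cfg folder into the same directory as tscancode, or use a parameter to specify where the configuration files are.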

ufo@workshop:~/sources/workbox/0001_app/telproxy_server_libevent$ ./tscancode --xml telproxy.cpp telproxy.h 2>result.xml 
[Preprocess] [1/2, 86%] [0] [Done] /home/ufo/sources/workbox/0001_app/telproxy_server_libevent/telproxy.cpp
[Preprocess] [2/2, 100%] [0] [Done] /home/ufo/sources/workbox/0001_app/telproxy_server_libevent/telproxy.h
[Analyzing] [1/1, 100%] [1] [Done] /home/ufo/sources/workbox/0001_app/telproxy_server_libevent/telproxy.cpp
[Checking] [1/1, 100%] [0] [Done] /home/ufo/sources/workbox/0001_app/telproxy_server_libevent/telproxy.cpp
ufo@workshop:~/sources/workbox/0001_app/telproxy_server_libevent$ ls
cfg  proxy  result.xml  telproxy.cpp  telproxy.h  tscancode

I took a look at this result.xml file, and sure enough there is a small bug. So happy.

<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="/home/ufo/sources/workbox/0001_app/telproxy_server_libevent/telproxy.cpp" line="319" id="nullpointer" subid="dereferenceAfterCheck" severity="Serious" msg="Comparing [addr] to null at line 315 implies that [addr ] might be null.Dereferencing null pointer [addr]." web_identify="{&quot;identify&quot;:&quot;addr&quot;}" func_info="void Session::set_meetee_addr ( int meetee , struct sockaddr_in * addr )" content="309: {
310: 	if (meetee &lt; 0 || meetee &gt;= TELNET_PRPXY_MEETEE_MAX)
311: 	{
312: 		printf(&quot;%d:meetee is error\n&quot;, __LINE__);
313: 		return;
314: 	}
315: 	if (!addr)
316: 	{
317: 		printf (&quot;%d:set_meetee_addr addr null\n&quot;, __LINE__);
318: 	}
319: 	memcpy (&amp;m_meetee[meetee].addr, addr, sizeof(m_meetee[meetee].addr));
320: 	return;
321: }
322: 
323: 
324: void Session::get_meetee_addr(int meetee, struct sockaddr_in* addr)
325: {
326: 	if (meetee &lt; 0 || meetee &gt;= TELNET_PRPXY_MEETEE_MAX)
327: 	{
328: 		printf(&quot;%d:meetee is error\n&quot;, __LINE__);
329: 		return;
"/>

</results>

Go give it a try and see whether the programs you wrote have this kind of bug.
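A small triage script for the result.xml format shown on this page, as an added example that is not part of the original post or the TscanCode project: it extracts each finding and returns a non-zero exit code when any finding has a blocking severity, so the scan can gate a build. The sample XML is constructed from the reports on this page, and treating `Serious` and `error` as blocking, as well as skipping any non-XML text captured before `<results>`, are assumptions.

```python
import json
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the result.xml shape shown on this page (attributes trimmed).
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="telproxy.cpp" line="319" id="nullpointer" subid="dereferenceAfterCheck" severity="Serious" msg="Comparing [addr] to null at line 315 implies that [addr ] might be null.Dereferencing null pointer [addr]." web_identify="{&quot;identify&quot;:&quot;addr&quot;}" func_info="void Session::set_meetee_addr ( int meetee , struct sockaddr_in * addr )"/>
    <error file="func.cpp" line="7" id="nullpointer" subid="dereferenceAfterCheck" severity="error" msg="Comparing [p] to null at line 3 implies [p] might be null. Dereferencing null pointer [p]."/>
</results>
"""

# Severity strings that appear on this page; treating them as blocking is an assumption.
BLOCKING = frozenset({"Serious", "error"})

def parse_results(xml_text):
    """Return one dict per <error> element, tolerating missing optional attributes."""
    start = xml_text.find("<results")  # skip anything else captured from stderr
    if start < 0:
        raise ValueError("no <results> element; was stderr redirected to this file?")
    findings = []
    for e in ET.fromstring(xml_text[start:]).iter("error"):
        try:  # web_identify holds a small JSON object naming the flagged symbol
            symbol = json.loads(e.get("web_identify", "{}")).get("identify")
        except (ValueError, AttributeError):
            symbol = None
        findings.append({
            "file": e.get("file", ""),
            "line": int(e.get("line", "0")),
            "rule": f'{e.get("id", "")}/{e.get("subid", "")}',
            "severity": e.get("severity", ""),
            "symbol": symbol,
            "function": e.get("func_info"),
        })
    return findings

def gate(findings, blocking=BLOCKING):
    """Return (exit_code, report_lines); exit_code is 1 if any finding is blocking."""
    blocked = sorted((f for f in findings if f["severity"] in blocking),
                     key=lambda f: (f["file"], f["line"]))
    lines = [f'{f["file"]}:{f["line"]}: [{f["severity"]}] {f["rule"]} ({f["symbol"] or "?"})'
             for f in blocked]
    return (1 if blocked else 0), lines

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    code, report = gate(parse_results(text))
    print("\n".join(report))
    sys.exit(code)
```

Run it with the path to result.xml as the only argument; without an argument it reads the embedded sample.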

Here is TscanCode's README from GitHub

TscanCode

A fast and accurate static analysis solution for C/C++, C#, Lua codes

Tencent is pleased to support the open source community by making TscanCode available.

Copyright (C) 2017 Tencent company and TscanCode Team. All rights reserved.

Introduction

TscanCode is devoted to help programmers to find out code defects at the very beginning.

  • TscanCode supports multi-language: C/C++, C# and Lua codes;
  • TscanCode is fast and accurate, the performance can be 200K lines per minute and the accuracy rate is about 90%;
  • TscanCode is easy to use, it doesn't require strict compiling environment and one single command can make it work;
  • TscanCode is extensible, you can implement your own checks with TscanCode.

Highlights in v2.14.24 (2018-02-24)

  • Rule Package was released on GUI, easier for rule customization;
  • GUI supports marking false-positive errors now.

For other changes please refer to change log.

Compiling

Any C++11 compiler should work. For compilers with partial C++11 support it may work. If your compiler has the C++11 features that are available in Visual Studio 2015 then it will work. If nullptr is not supported by your compiler then this can be emulated using the header lib/cxx11emu.h.

There are multiple compilation choices:

  • Windows: Visual Studio (Visual Studio 2015 and above)
  • Linux: g++ 4.6 (or later)
  • Mac: clang++

Visual Studio

Use the tsancode.sln file. The file is configured for Visual Studio 2015, but the platform toolset can be changed easily to older or newer versions. The solution contains platform targets for both x86 and x64.

Select option Release to build release version.

g++ or clang++

Simple build (no dependencies):

make

Usage at a glance

This simple example contains a potential null pointer defect. Checking if p is null indicates that p might be null, so dereferencing p (*p) is not safe outside the if-scope.

// func.cpp
void func(int* p) {
    if(p == NULL) {
        printf("p is null!");
    }

    printf("p is %d", *p);
}

Run TscanCode:

./tscancode --xml func.cpp 2>result.xml

Error list, result.xml:

<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="func.cpp" line="7" id="nullpointer" subid="dereferenceAfterCheck" severity="error" 
           msg="Comparing [p] to null at line 3 implies [p] might be null. Dereferencing null pointer [p]." />
</results>

There are more examples:

For now, codes under trunk are only for TscanCode CPP version, C# and Lua version are in the internal review process. Sorry for the inconvenience.
