This article introduces TscanCode, an open-source static analysis tool from Tencent that currently has about 1.5k stars on GitHub.
Installation
Just git clone the repository and use the prebuilt binary in the release directory. You may also need to give the binary execute permission (the second line below).
git clone https://github.com/Tencent/TscanCode.git
chmod u+x TscanCode/release/linux/TscanCodeV2.14.2395.linux/tscancode
Basic usage
Passing the -h option prints the following help text; it looks quite similar to cppcheck.
> tscancode -h
TscanCode - A tool for static C/C++ code analysis
Syntax:
tscancode [OPTIONS] [files or paths]
If a directory is given instead of a filename, *.cpp, *.cxx, *.cc, *.c++, *.c,
*.tpp, and *.txx files are checked recursively from the given directory.
Options:
-D<ID> Define preprocessor symbol. Unless --max-configs or
--force is used, TscanCode will only check the given
configuration when -D is used.
Example: '-DDEBUG=1 -D__cplusplus'.
-U<ID> Undefine preprocessor symbol. Use -U to explicitly
hide certain #ifdef <ID> code paths from checking.
Example: '-UDEBUG'
--enable=<id> Enable additional checks. The available ids are:
* all
Enable all checks. It is recommended to only
use --enable=all when the whole program is
scanned, because this enables unusedFunction.
* warning
Enable warning messages
* style
Enable all coding style checks. All messages
with the severities 'style', 'performance' and
'portability' are enabled.
* performance
Enable performance messages
* portability
Enable portability messages
* information
Enable information messages
* unusedFunction
Check for unused functions. It is recommend
to only enable this when the whole program is
scanned.
* missingInclude
Warn if there are missing includes. For
detailed information, use '--check-config'.
Several ids can be given if you separate them with
commas. See also --std
-h, --help Print this help.
-I <dir> Give path to search for include files. Give several -I
parameters to give several paths. First given path is
searched for contained header files first. If paths are
relative to source files, this is not needed.
-j <jobs> Start [jobs] threads to do the checking simultaneously.
-q, --quiet Do not show progress reports.
--xml Write results in xml format to error stream (stderr).
Example usage:
# Recursively check the current folder. Print the progress on the screen and
# write errors to a file:
tscancode . 2> err.txt
# Recursively check ../myproject/ and don't print progress:
tscancode --quiet ../myproject/
# Check test.cpp, enable all checks:
tscancode --enable=all test.cpp
# Check f.cpp and search include files from inc1/ and inc2/:
tscancode -I inc1/ -I inc2/ f.cpp
Usage is similar to cppcheck, although it does not seem possible to specify an output template yet.
./tscancode /home/iskindar/Project/targets/libpng/repo 2> err.txt
Results can also be written in XML format:
./tscancode /home/iskindar/Project/targets/libpng/repo --xml 2> result.xml
The run produces results like the following.
...
[/home/iskindar/Project/targets/libpng/repo/contrib/libtests/pngimage.c:1082]: (Serious) Comparing [rows] to null at line 1071 implies that [rows ] might be null.Dereferencing null pointer [rows].
[/home/iskindar/Project/targets/libpng/repo/contrib/libtests/tarith.c:629]: (Warning) An unconditional 'break/return/goto' within a loop.It may be a mistake.
[/home/iskindar/Project/targets/libpng/repo/pngread.c:2830]: (Serious) Comparing [trans] to null at line 2816 implies that [trans ] might be null.Dereferencing null pointer [trans].
[/home/iskindar/Project/targets/libpng/repo/pngrtran.c:2144]: (Serious) Null - checking [png_ptr] suggests that it may be null, but it has already been dereferenced at line 2141.
[/home/iskindar/Project/targets/libpng/repo/pngset.c:1488]: (Serious) Null - checking [new_list] suggests that it may be null, but it has already been dereferenced at line 1474 in function[memcpy].
[/home/iskindar/Project/targets/libpng/repo/pngset.c:470]: (Serious) Comparing [swidth] to null at line 446 implies that [swidth ] might be null.Dereferencing null pointer [swidth].
[/home/iskindar/Project/targets/libpng/repo/pngset.c:489]: (Serious) Comparing [sheight] to null at line 450 implies that [sheight ] might be null.Dereferencing null pointer [sheight].
[/home/iskindar/Project/targets/libpng/repo/pngwutil.c:1134]: (Serious) Comparing [profile] to null at line 1131 implies that [profile ] might be null.Dereferencing null pointer [profile]. The error is in macros.
missingInclude :,,
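The two kinds of (Serious) findings above are worth understanding in source form: one where a pointer is compared to null and then dereferenced on the path where it could be null, and one where a pointer is dereferenced first and null-checked afterwards. The following C snippet is an added example, not code from libpng or from the TscanCode project; the function names, the sample buffers and the error-code convention (-1 on a null argument) are all constructed for illustration, and each buggy form is placed beside a corrected one.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data (not from the page). */
static const int sample_rows[3] = {1, 2, 3};
static const char sample_profile[] = "icc";
static char scratch[8];
static int null_args_seen = 0;   /* stand-in for "log and continue" */

/* Pattern 1, as reported for [rows] / [trans] / [swidth] above:
 * comparing the pointer to null admits that it may be NULL, but the
 * code then dereferences it anyway on that same path. */
int row_sum_buggy(const int *rows, size_t n)
{
    int total = 0;
    if (rows == NULL)
        null_args_seen++;       /* notes the problem but does not return */
    for (size_t i = 0; i < n; i++)
        total += rows[i];       /* dereferenced even when rows was NULL */
    return total;
}

/* Corrected: the NULL case leaves the function before any dereference. */
int row_sum_fixed(const int *rows, size_t n)
{
    if (rows == NULL || n == 0)
        return -1;              /* caller-visible error, no dereference */
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += rows[i];
    return total;
}

/* Pattern 2, as reported for [png_ptr] / [new_list] above:
 * the null check comes after the first use, so if the pointer really
 * can be NULL the memcpy has already dereferenced it. */
int copy_profile_buggy(char *dst, const char *profile, size_t len)
{
    memcpy(dst, profile, len);  /* dereferences profile first ... */
    if (profile == NULL)        /* ... then asks whether it was NULL */
        return -1;
    return (int)len;
}

/* Corrected: validate every pointer before its first use. */
int copy_profile_fixed(char *dst, const char *profile, size_t len)
{
    if (dst == NULL || profile == NULL)
        return -1;
    memcpy(dst, profile, len);
    return (int)len;
}
```

Either the check is redundant (the pointer can never be null, so the comparison is dead code that misleads readers and the analyzer) or it is real, in which case the dereference on the unchecked path is a crash or a memory-safety bug. The fixed forms resolve the ambiguity by making the null path return before any use, which is also what silences this class of finding.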
Overall it is quite convenient. The advantages listed on the official site are:
- Multi-language support, including C/C++, C# and Lua
- Fast and accurate: it scans 200k lines of code per minute with 90% accuracy
- Easy to use: no compilation is required
- Extensible: you can write your own rules