I'm interested in a free tool that can statically check my C++ code like Lint does. Any hints?
splint gets confused by "newer" syntax, where "newer" is C++ conventions that have been back-ported to C within the last 10 years.
Ryan Graham
2009-03-10 20:18:15
Upps, so splint is c only?
Johan
2009-03-10 20:46:57
+11
A:
Perhaps a list like this is what you're looking for:
http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
It looks like you'll get the most use out of Splint or Uno .
Jweede
2009-03-10 20:13:30
+33
A:
Try cppcheck, found here: http://cppcheck.wiki.sourceforge.net/
Here's a sampling of some of the checks it can perform or that I've used it for:
- Array indices out of bounds
- Memory/resource leaks
- Improper new/delete
- Failure to put virtual destructors on derived classes
- Mismatching allocation and deallocation
- Deallocating a deallocated pointer
- Using variable after it is deallocated / released
- Size mismatches
- Invalid radix in call to
strtolorstrtoul - Overlapping data buffers
- Unsigned division; result may be wrong
- Unusual pointer arithmetic
- Returning pointer to local array variable
- Same iterator is used with two containers
- Dangerous usage of erase
- After pushback or pushfront, iterator may be invalid
- Buffer overruns
- Dangerous usage of
strncat, possible buffer overrun
John Feminella
2009-03-10 20:15:55
+1 for CppCheck. Great tool! Just beware that it *always* returns a non-zero code if it detects *any* issues (even style if they're configured). If you're using an automated build system this can mark builds as failed.
MattyT
2009-03-10 23:55:10
+3
A:
This SO question has relevant answers: What is the Best Command Line Tool to Clean Up Code?
Jonathan Leffler
2009-03-10 20:23:40
+3
A:
You might want to check out this project:
- Inspirel Vera++ based on user defined rules (written in scripting language, some time ago only Tcl)
And few not free ones:
- QAC++
- Coverity
- Klocwork
- Abraxas CodeCheck - heard various opinions...
Anonymous
2009-03-10 21:29:49
+1
A:
Personally I tried cppcheck (v1.4) and found it hopeless.
eg. This example was correctly detected for array out of bounds:
int a[4];
for (int n = 0; n < 5; n++)
{
a[n] = n;
}
But this example was not detected:
int a[4];
int z = 4 + 1;
for (int n = 0; n < z; n++)
{
a[n] = n;
}
meh
2010-01-18 15:50:07
+1
A:
@meh
this issue is allready detected by cppcheck:
int main()
{
int a[4];
int z = 4 + 1;
for (int n = 0; n < z; n++)
{
a[n] = n;
}
return 0;
}
$ cppcheck --enable=all test193.cpp
Checking test193.cpp...
[test193.cpp:9]: (error) Buffer access out-of-bounds
Checking usage of global functions..
martin
2010-03-14 11:02:51
+3
A:
Another tool for the list: Google cpplint.py, which Google's C++ style guide mentions. It's very Google-specific, but nonetheless.
wilhelmtell
2010-05-15 07:22:59