This question on Cyclomatic Complexity made me think more about static code analysis. Analyzing code complexity and consistency is occasionally useful, and I'd like to start doing it more. What tools do you recommend (per language) for such analysis? Wikipedia has a large list of tools, but which ones have people tried before?

Edit: As David points out, this is not a completely unasked question when it comes to C/UNIX based tools.

A: 

The only time I've ever used one of those tools is Split (C programming language). I thought it was helpful, but I was by no means a power user and I think I barely scratched the surface of what it could do.

Thomas Owens
+1  A: 

I use the PMD plugin for Eclipse a lot. It's pretty nice, and very configurable. CheckStyle is also good, if you're looking for more of a style enforcer.

TimK
+1 That is what I use also
Romain Hippeau
+5  A: 

For .Net we use NDepend. It is a great tool and can be integrated to the build (we use CCNet).

http://www.ndepend.com/

HTH.

BZ
A: 

Lint is the only one I have used, at a previous position. It wasn't bad; most of the things it suggested were good catches, some didn't make much sense. As long as you don't have a process in place to ensure that there are no lint errors or warnings, then it is useful to perhaps catch some otherwise hidden bugs.

Craig H
+1  A: 

Checkstyle, Findbugs, and PMD all work pretty well in Java. I'm currently pretty happy with PMD running in NetBeans. It has a fairly simple GUI for managing what rules you want to run. It's also very easy to run the checker on one file, an entire package, or an entire project.

Bill the Lizard
+1  A: 

Also see the question Choosing a static code analysis tool if you're looking for C/UNIX based tools.

David
+1  A: 

Obviously, the answer depends on the programming languages. UNO is good for C programs.

@Thomas Owens: I think you meant Splint.

Chris Conway
+1  A: 

We use Programming Research's QAC for our C code. Works OK. Recently we have been talking about checking out some of the more advanced and static/dynamic code analyzers like Coverity's Prevent or the analysis tool by GrammaTech. They claim to not only do static analysis but also find runtime errors etc. One major selling point is supposed to be fewer false positives. Has anybody used any of these?

cschol
+2  A: 

For C and Objective-C, you can also use the LLVM/Clang Static Analyzer.

It's Open Source and under active development.

Chris Hanson
+1  A: 

We use Coverity Prevent at Palm for C and C++ code analysis, and it's done a great job of uncovering some hidden bugs in our code. It also finds a lot of not likely to be hit problems, but it's easy to mark those as "will not fix" or "not a problem" in the code database that the tool generates. It is expensive, but the company occasionally does runs on open source projects and provides reports to the maintainers. They have a whitepaper about our use of the product on their site if you want to read more about our experience.

Ben Combee
A: 

For C++, I use CppCheck. It seems to work fine.

Séverin
+1  A: 

My admins are really cheap, so I can only use really cheap tools:

1) CCCC (C / C++ Code Counter): Various results related to number of lines (vs. lines of comments, cyclomatic complexity, Information flow, ...)
2) Simian: Fastest code duplication finder I ever tried.
3) LOC Metrix: Not very useful but can help to make a point.

The GG