What C++ static code analysis tools are there on Microsoft Windows, and which would you recommend?

Please state whether a particular tool relies on Cygwin, and whether it costs money. One per post, for voting up & down.

Similar Question: http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available

+1  A: 

Flawfinder

Iulian Şerbănoiu
Can you add some more basic information about it in your post, as KTC requests?
jfs
+2  A: 

Visual Studio Team System now has code analysis tools (although VSTT is pretty expensive).

Alan
+3  A: 

PC-Lint does a fair bit of static analysis.

Michael Burr
Admittedly I haven't tried PC-Lint for a while, but last time I did it was really noisy. It finds good issues...and a whole lot more.
Steve Rowe
+5  A: 

We use Coverity. It isn't free by a long shot, but Windows is a supported platform.

Jonesinator
+11  A: 

If you run VC2008 (Express version is free) and then install the latest Windows SDK, you can get the same PREFAST static code analysis tools normally only available in VSTT. If you're already using Visual Studio this is a great way to go; if you're using GCC or some other compiler for Win32 you'll need to look elsewhere.

Prefast comes with the Windows Driver Kit (WDK), not the SDK.
KTC
If Prefast works for the largest software project on the planet (and it does), it'll probably work for you too
Paul Betts
A: 

I've also heard that Oink is good.

Alan
+1  A: 

I have used Source Monitor for years. Some of the things it does are great. Best part is that it is free.

Check out the homepage for Source Monitor here: Source Monitor

MikeJ
A: 

Two years ago I used Scitools' Understand. It is portable (at least the Windows-Linux combination that we use) and has support for multiple languages. Could very well be that that is not what you're after though...

What will be interesting anyway is that it is fairly affordable, and that the support is impressive: issues and questions are more often than not addressed the same day.

andreas buykx
A: 

I use PC-Lint for static code review!

+6  A: 

CppCheck is open source and cross-platform.

Soo Wei Tan
+2  A: 

Klocwork "Insight" is another, but it's not free. I've also used Coverity "Prevent". Both are very good products if you don't mind the cost.

Void
A: 

I think 3 open-source static analysers are impressive:

Cppcheck - easy, with a GUI interface... checks for coding standards and other critical issues...
cccc - outputs the coding metrics... like number of lines of code... code complexity index... comment count etc.
Cqual++ - will have to build it from the repository... gives the dataflow in code at method and type level

My question is: can I add custom coding standards? Are there any open tools supporting addition of custom coding standards?

A: 

Our DMS Software Reengineering Toolkit processes a variety of C++ dialects. It can be obtained with a duplicated code detector (exact or near miss clones), but is generally designed to be customized to carry out the analysis you want. See DMS.

EDIT Yes, you can code your own custom analyses or style checks.

Ira Baxter
A: 

Vera++ also enables checking custom coding standards through scripts...

+1  A: 

I'm one of the developers for a Visual Studio C/C++ static analysis tool called Goanna. This one costs money (there's a free trial), but I'd like to think it's good.

David Crawshaw
+1  A: 

Sentry is a C++ static analyzer that supports Windows and Linux. It's not free, but it's more powerful than simple free tools like Lint.

Mike Mueller
+2  A: 

CppDepend has some useful features to analyse architecture, design and implementation; it provides the CQL language to query code like SQL.

IssamLahlali