C/C++ static analyzers


BLAST, CODAN, cppcheck, slint, clang, something else?

Interested in:

  1. free and

  2. linux.

So far I've dealt only with CODAN (in Eclipse CDT out of the box) and cppcheck. I looked at the label, but I'm interested in the security and "clumsiness" of the code, ideally something close to MISRA.

CLion with its most beautiful parser

I am not asking for an IDE. The analyzer is valuable to me as a utility that can be integrated into an IDE (then it's a bonus), but must work independently.

As for the beauty of the parser in CLion. Yes, on the test run, he found a few goodies:

  1. Data flow analysis : File is too complex to perform context-sensitive data-flow analysis (at line 11) ( hee hee )
  2. Type checks : Parameter type mismatch: Values ​​of type 'size_t' may not fit into the receiver type 'int' at line 267 ( second argument to fgets() )
  3. Unused code : Unused .h statement at line 9

It seems to be useful. But he did not find the main thing :

cppcheck: (error) Memory leak: src (at line 249)

Here I specially commented out the call to free() , and not directly, but through a wrapper (!), which cppcheck perfectly caught. CODAN did it too. But CLion is not. So he is still very far from perfection. Not to mention the complete lack of normal support for valgrind (oh, I wouldn’t fall into a holivar about IDE …)

Not that it's a separate analyzer, but clang at the maximum level of warnings is quite a useful thing.

Examples are possible? I have not dealt with him, and so far I have no idea what the difference is from this:

gcc -Wall -pedantic -pedantic-errors


Now PVS-Studio has appeared under Linux, which can even be fully-functionally used for free . Actually a good thing.

Scroll to Top