c++ – C / C ++ static analyzers

Question:

BLAST, CODAN, cppcheck, slint, clang, something else?

Interested in:

  1. free and

  2. Linux.

So far only dealt with CODAN (in Eclipse CDT out of the box) and cppcheck. I looked at the label, but it is the security and "clumsy" of the code that interests, ideally, something close to MISRA.


CLion with its finest parser

I am not asking for an IDE. The analyzer is valuable to me as a utility that can be built into the IDE (then this is a bonus), but must work independently.

As for the greatness of the parser in CLion. Yes, on a test run, he found a few goodies:

  1. Data flow analysis : File is too complex to perform context-sensitive data-flow analysis (at line 11) ( hee hee )
  2. Type checks : Parameter type mismatch: Values ​​of type 'size_t' may not fit into the receiver type 'int' at line 267 ( second argument to fgets () )
  3. Unused code : Unused import statement at line 9 ( it was about including unnecessary .h )

It seems to be useful. But he did not find the main thing :

cppcheck: (error) Memory leak: src (at line 249)

Here I specially commented out the call to free() , and not directly, but through a wrapper (!), Which cppcheck perfectly caught. CODAN did it too. CLion is not. So he is still very far from beauty. Not to mention the complete absence of normal support for valgrind (oh, I wouldn't fall into a holivar about IDE …)

Not that a separate analyzer, but clang at the maximum level of warnings is quite a useful thing

Examples are possible? I didn’t deal with him, and so far I don’t really know what is the difference from this:

gcc -Wall -pedantic -pedantic-errors

Answer:

Now PVS-Studio has appeared for Linux, which can even be fully functional for free . Not a bad thing, actually.

Scroll to Top