We call C, C++ language as compiled languages. These languages translate entire source code before execution. This saves time in execution and is one reason why most operating system code and application code is written in a compiled language like C.
Most of the time, compilers detect the syntax errors in the code. This is not enough to evaluate the code. There are many more things to check / validate while detecting defects or errors in the source code. There are static analysis tools to analyze the source code from all aspects of program.
Few of them are listed below.
OCLint is a static analysis tool that runs on Linux and Mac OS X platforms. The OCLint source code and binaries are distributed under Modified BSD License. The tool is used to improve code quality and reducing defects and looking for potential issues such as:
- Unused code: It checks for unused local variables and parameters
- Bad practices: It also detects inverted logic and parameters reassignment
- Code smells: It detects long method and long parameter list
- Redundant code: It searches for redundant if statements and useless parenthesis (syntax)
- Possible bugs: It detects empty if/else/try/catch/finally statements
All the above errors/bugs/defects are obtained from static analysis using OCLint. These cannot be caught by the compilers. OCLint automates this inspection process and provides the following features:
- Rules: It loads rules in the system dynamically, also at run time.
- Flexible Configurations: The developer can configure and customize the tool based on his criteria.
- Command line support: It allows command line invocation that facilitates continuous inspection of the code while being developed so that the issues can be detected at early development stage.
- Reduction in False Positives: It provides better accuracy and efficiency by relying on the abstract syntax tree.
Cppcheck is used as a static analysis tool that primarily detects the types of defects that compilers do not detect. The objective of this tool is to detect real-time errors in the code.
The tool detects the following types of errors in C++ code:
- Warnings about unused and redundant code
- Checks on exception safety
- Out of bounds checking
- Memory leaks checking
- Possible null pointer dereferences checks
- Uninitialized variables check
- Invalid usage of STL check
The tool is executed from command line application. The command for obtaining list of all implemented checks is as below.
# get list of checks
# get list of error messages|
The CppDepend is a static code analysis tool for managing complex C/C++ code base. Using this tool, a developer can analyze code structure; specify design rules, perform effective code reviews and compare different versions of the code.
The CppDepend provides a list of features that makes the code analysis and review process easier and effective.
- Using its component CQLinq, developer can define custom rules and query code
- It provides code quality metrics including Cyclomatic complexity, Coupling, Nesting Depth, Rank and many more.
- It provides diagnostics that are easy to browse.
- It supports plug-ins integration.
- It detects dependency cycle to achieve higher code maintainability.
- It helps maintaining clean side-effects free code to achieve clean concurrent programming.
- It enables the developer to generate custom reports that warns developer of potential build process problems.
The Code Analysis tool is a part of Microsoft Visual Studio. The C/C++ Code Analysis tool provides developers information about possible defects in their C/C++ source code.
The tool helps you find common defects, violations of good programming practice or the defects that are difficult to detect while testing.
Code analysis warnings are different from compiler errors and warnings. The reason is due to specific code patterns that are valid but could still create issues in the code shared within a team.
The Clang Analyzer is a source code analysis tools that detects errors in C,C++ and Objective-C programs. It can be run as a standalone tool or IDE is used to run this tool. It is open source and a part of Clang project.
If the developer is running it as a standalone tool, command line prompt is used. Xcode is an IDE for Mac OS. The tool can be integrated within Xcode and presents analysis results within Xcode.
The tool is a collection of algorithms and techniques used to analyze source code in order to automatically find bugs. The idea is to detect the errors that compiler may not detect.
This tool is not perfect. It can falsely flag bugs in a program where the code behaves correctly.
PVS-Studio is a tool that is used for detecting bugs in the source code of programs written in C,C++. It is specially used to search for misprints and Copy-Paste errors. It also does a wide range of code checks. This tool provides support to developers who use Microsoft Visual Studio. It can run analysis in the background mode after they are compiled. The analysis process is completely controlled by the user and it is the developer who decides if the source code needs modification.
PVS-Studio diagnostic messages are categorized into 3 types:
- General Analysis Messages: The rule set detects logical errors, misprints, code fragments causing access violation, incorrect use of STL library algorithms, etc.
- Detection of possible optimizations: This allows the developer to optimize the code in the areas such as algorithmic optimization, parallel computation, micro-optimization at code level and optimization at machine level.
- Diagnosis of 64-bit errors: Detecting the 64-bit errors refers to detecting the code fragments which work correctly in 32-bit versions of software and fail in 64-bit programs. The set of specialized rules of Viva64 lets you detect defects occurring when developing new 64-bit applications or when porting 32-bit code to 64-bit systems.
Thus, PVS-Studio has unique analysis techniques and strategies that help improving overall code quality of the applications written in Visual Studio.
Frama-C is a static code analysis tool for parsing C code. The tool is closure to heuristic bug-finding tool. With Frama-C, a developer can:
- Slice the original program into simplified ones
- Observe sets of possible values for the variables in the code at each point of the execution;
- Navigate the dataflow of the program, from definition to use or from use to definition.
PolySpace is a static analysis tool comprised of Polyspace Bug Finder™ and Polyspace Code Prover™.
- Polyspace Bug Finder™ is used to locate defects and triage and fix bugs early in the development process. It also verifies compliance and coding standards.
- Polyspace Code Prover™ is used to prove the absence of run-time errors in C and C++ source code. It also creates certification artifacts.
The tool intercepts 100% of run-time errors in C programs.
QA-C and QA-C++
QA-C is static analysis tool for the C language that provides means to analyze the code against the chosen coding standard, with metrics and code structure visualizations bringing clarity to the projects. It is used to prevent bugs and to identify coding issues in the early stage of development cycle.
QA-C++ provides an automated, highly effective mechanism of analyzing the code against coding standard, with metrics and code structure visualizations bringing a further level of clarity to complex C++ projects.