We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this questionWhich tools would be most useful for analyzing a C++ codebase? What do they cost?
Can we manage with free and trial software, or are there commercial software that is good and that we really should to pay for?The main object would be to get an understanding of quality - memory issues etc, also to understand the code (For spotting architectural problems for example), perhaps coding standards.
Primarily statical analysis, but we are hoping to be able to run the code. Think it needs to be "robust in the sense that it should work with code for arcane compi开发者_如何学运维lers.
The best free tool is your compiler's warning errors, I always use them at maximum level. The first goal should be a clean build without any cheating (eg. disabling or casting away not-understood warnings).
Visual C++ has built in Code Analysis which is good for catching some bugs and Win32 API misuse, but it's not included in the free version and is (obviously) Windows-specific. This used to be an internal Microsoft tool called Prefast - analogous to FxCop in .Net.
PC-Lint is good, but verbose and not free. If you can get a config file to trap 'useful things' and ignore the noise, that would be a big plus. Again this is for Windows, but I know there are versions for other platforms.
Take a look at:
http://www.cppdepend.com/
and a good many others:
http://www.chris-lott.org/resources/cmetrics/
http://www.locmetrics.com/alternatives.html
I've heard very good things about Valgrind. "automatically detect many memory management and threading bugs, and profile your programs in detail"
The number one stink in programs is code duplication. You can use clone detectors to find duplicates. Many clone detectors compare just text lines for exact matches; other compare token streams and will find almost-exact matches where the differences are just changed identifiers. You can use our CloneDR to find duplication in which arbitrary langauge structures are inserted or removed, using the langauge grammar as a guide. CloneDR works for large C++ systems, as well as many other languages. At the link you can find typical clone detection reports.
A popular broad-spectrum static checker is PCLint. This checks for a variety of common coding errors predefined by the tool. I don't know how well it handles "arcane" (compilers) dialects of C++.
If you want to define custom checks, you need a full C++ front end parser and the ability to configure your checks arbitrarily. Our DMS Software Reengineering Toolkit is an engine that can be configured to accomplish this. DMS's C++ front end can be configured to handle "arcane" C++ dialects, but already covers ANSI, GCC3 and GCC4, MS Visual Studio 7 and 2005. Because DMS is a program transformation engine, it can even be used to "improve" the code quality by replacing poor constructs with better ones.
While not static analysis, test coverage tools for measuring how well you've tested your code are very helpful in assessing your code quality. Just because all your tests pass, doesn't mean you've tested well; unexercised code arguably can have any/all variety of problems.
Theres CCCC: http://cccc.sourceforge.net/ -- result of a research project on metrics.
To tell the truth, I've not found much benefit in such things. What do you hope to get?
You could try out Vigilant Sentry, which analyzes C and C++ and looks for advanced errors in your software. This includes memory or resources leaks, and crash causing memory corruption, among other things.
The small business edition is currently only $795 (by far the cheapest on the market for the value) and the enterprise is $4995. Good luck finding what you need.
精彩评论