- Do you use source code analyzers? If so, which ones and for which language development?
- Do you find them helpful in solving potential bugs in your code? Or are most of their warnings trivial?
- After prolonged use, do you find your code quality to be higher than before?
你使用源代码分析器吗?如果是这样,哪些语言发展?
您是否发现它们有助于解决代码中的潜在错误?或者他们的大部分警告都是微不足道的?
长时间使用后,您是否发现您的代码质量比以前更高?
7 个解决方案
#1
I use a few static analysis tools in Java. FindBugs is the first line of defense, catching a lot of common errors and giving pretty useful feedback. It often spots the silly mistakes of tired programmers and doesn't place a high burden on the user.
我在Java中使用了一些静态分析工具。 FindBugs是第一道防线,可以捕捉到许多常见错误并提供非常有用的反馈。它经常发现疲惫的程序员的愚蠢错误,并没有给用户带来很大的负担。
PMD is good for a lot of other more niggly bugs, but requires a lot more configuration. You'll find that PMDs defaults are often over the top. There are too many rules that are probably beneficial on a tiny scale but ultimately don't help other programmers maintain your code. Some of the PMD rules often smack of premature optimisation.
PMD适用于许多其他更琐碎的错误,但需要更多配置。您会发现PMD默认值通常超过顶部。有太多规则可能在很小的范围内有益,但最终无法帮助其他程序员维护您的代码。一些PMD规则经常出现过早优化。
Probably more useful is the CPD support in PMD. It attempts to find code that has been duplicated elsewhere, in order to make refactoring much easier. Run over an entire project, this really helps determine where the biggest priorities are for cleaning up code and stopping any DRY violations.
可能更有用的是PMD中的CPD支持。它试图找到在其他地方重复的代码,以便使重构更容易。运行整个项目,这确实有助于确定清理代码和停止任何DRY违规的最大优先级。
Checkstyle is also handy, making sure your coders conform to some coding style standard. it has a bit of overlap with PMD but is generally much more usable.
Checkstyle也很方便,确保您的编码器符合某些编码风格标准。它与PMD有一点重叠,但通常更有用。
Finally, Cobertura is a great test coverage suite. Very handy for finding out where the unit tests are lacking, and where you should be prioritising the creation of new tests.
最后,Cobertura是一个很棒的测试覆盖套件。非常方便找出缺少单元测试的位置,以及应该优先创建新测试的位置。
Oh, and I've also been testing out Jester. It seems to be pretty good for finding holes in tests, even where the code has some coverage. Not recommended yet, simply because I've not used it enough, but one to test out.
哦,我也一直在测试Jester。在测试中找到漏洞似乎相当不错,即使代码有一些覆盖范围。不推荐,只是因为我没有使用它,而是一个测试。
I run these tools both from within Eclipse and as part of an automated build suite.
我从Eclipse中运行这些工具,并作为自动构建套件的一部分。
#2
For C, I use MEMWATCH. It's really easy to use and free.
对于C,我使用MEMWATCH。它非常易于使用和免费。
I've used it to find many memory bugs in the past.
我过去用它来发现很多内存错误。
#3
I used resharper and MS TS (basically FXCop) and both of them quite usefull especially in the following areas :
我使用了resharper和MS TS(基本上是FXCop),它们都非常有用,特别是在以下方面:
- Identifying dead code
- Wide Scope
- Performance improvements (related with globalization etc.)
识别死代码
绩效改进(与全球化等有关)
Recommendations are not always great but generally improved the quality of the code.
建议并不总是很好,但通常会提高代码的质量。
#4
I'm a long term user of PC-Lint for C and C++ and find it very helpful. These tools are most useful when taking over a code base you are unfamilier with. Over time you hit a law of diminishing returns, where the number of new bugs you find tends to trail off.
我是PC-Lint for C和C ++的长期用户,并且发现它非常有用。这些工具在接管您不熟悉的代码库时非常有用。随着时间的推移,你会达到一个收益递减规律,你发现的新错误的数量往往会落后。
I always still to a full project lint on a big release.
我总是在一个重要的版本上完成一个完整的项目。
Edit: There is a nice list of relevent tools on Wikipedia here
编辑:*上有一个很好的相关工具列表
#5
I'm pretty happy with ReSharper. Not only does it give useful bits of information while coding (e.g. needless casts, apply readonly and so forth) but its refactoring features are excellent for rearranging the code very quickly.
我对ReSharper非常满意。它不仅在编码时提供有用的信息位(例如,不必要的强制转换,只读应用等),但其重构功能非常适合非常快速地重新排列代码。
It doesn't cover everything, so FxCop (or similar) is a decent addition to the toolbox. However, as Resharper gives immediate feedback, the turnaround time is really good. (I'm aware that FxCop can be run from VS, but its just not the same imo).
它并不涵盖所有内容,因此FxCop(或类似)是工具箱的一个不错的补充。然而,由于Resharper提供即时反馈,周转时间非常好。 (我知道FxCop可以从VS运行,但它只是不一样的imo)。
#6
I find analyzers somewhat useful, i use the buildin to visual studio (ex. /analyze for c/c++ and the custom rules for .net), occasionally i use stylecop and codeitright for c# mostly for guidelines how things should be.
我发现分析器有点用处,我使用buildin到visual studio(例如/分析c / c ++和.net的自定义规则),偶尔我会使用stylecop和codeitright for c#主要用于指导事情应该如何。
I don't think there is a perfect tool for everything, that finds every bug, but i think the tools help to find some bugs, not untraceable, but believe me you would spend a ton of time finding them.
我认为没有一个完美的工具可以找到所有的bug,但是我觉得这些工具有助于找到一些bug,而不是无法追踪,但相信我你会花很多时间找到它们。
Yes your code quality is SOMEWHAT better than before, but i also believe manual debugging is still needed alot. Source analyzers are not the ultimate cure they are a good medicine though. If there was a tool that you just execute it and find any kind of bugs and fixes it for you would cost millions.
是的,您的代码质量比以前更好,但我也相信还需要手动调试。尽管如此,源分析仪并不是最终的治疗方法。如果有一个工具你只是执行它并找到任何类型的错误并修复它将花费数百万美元。
Some programmers that i know swear that IBM Rational PurifyPlus is superb, but that is their opinion i just had 2-3 sessions with the tool.
我知道一些程序员发誓IBM Rational PurifyPlus非常棒,但他们认为我只有2-3次使用该工具。
But always remember one of the basic principles of programming logical errors are the hardest for find and fix, so long debugging hours are inevitable. A good code analyzer combined with unit testing may work miracles thought.
但始终记住编程逻辑错误的基本原则之一是查找和修复最难,因此长时间的调试时间是不可避免的。一个好的代码分析器结合单元测试可能会创造奇迹。
PS. i tend to produce far less errors in C# than in C++, someone may say i am wrong but although i use c++ more years than c# i find the "code it and i will take care of it" gc approach of C# far easier than c++ especially for projects you rush thing to finish at the time limit/deadline, which EVERY project is like this days...
PS。我倾向于在C#中产生比在C ++中更少的错误,有人可能会说我错了,但是我使用c ++比c#更多年,我发现“代码它我会照顾它”C#的gc方法比c ++容易得多特别是对于你在时间限制/截止日期前赶紧完成的项目,每个项目都像今天这样......
#7
#1
I use a few static analysis tools in Java. FindBugs is the first line of defense, catching a lot of common errors and giving pretty useful feedback. It often spots the silly mistakes of tired programmers and doesn't place a high burden on the user.
我在Java中使用了一些静态分析工具。 FindBugs是第一道防线,可以捕捉到许多常见错误并提供非常有用的反馈。它经常发现疲惫的程序员的愚蠢错误,并没有给用户带来很大的负担。
PMD is good for a lot of other more niggly bugs, but requires a lot more configuration. You'll find that PMDs defaults are often over the top. There are too many rules that are probably beneficial on a tiny scale but ultimately don't help other programmers maintain your code. Some of the PMD rules often smack of premature optimisation.
PMD适用于许多其他更琐碎的错误,但需要更多配置。您会发现PMD默认值通常超过顶部。有太多规则可能在很小的范围内有益,但最终无法帮助其他程序员维护您的代码。一些PMD规则经常出现过早优化。
Probably more useful is the CPD support in PMD. It attempts to find code that has been duplicated elsewhere, in order to make refactoring much easier. Run over an entire project, this really helps determine where the biggest priorities are for cleaning up code and stopping any DRY violations.
可能更有用的是PMD中的CPD支持。它试图找到在其他地方重复的代码,以便使重构更容易。运行整个项目,这确实有助于确定清理代码和停止任何DRY违规的最大优先级。
Checkstyle is also handy, making sure your coders conform to some coding style standard. it has a bit of overlap with PMD but is generally much more usable.
Checkstyle也很方便,确保您的编码器符合某些编码风格标准。它与PMD有一点重叠,但通常更有用。
Finally, Cobertura is a great test coverage suite. Very handy for finding out where the unit tests are lacking, and where you should be prioritising the creation of new tests.
最后,Cobertura是一个很棒的测试覆盖套件。非常方便找出缺少单元测试的位置,以及应该优先创建新测试的位置。
Oh, and I've also been testing out Jester. It seems to be pretty good for finding holes in tests, even where the code has some coverage. Not recommended yet, simply because I've not used it enough, but one to test out.
哦,我也一直在测试Jester。在测试中找到漏洞似乎相当不错,即使代码有一些覆盖范围。不推荐,只是因为我没有使用它,而是一个测试。
I run these tools both from within Eclipse and as part of an automated build suite.
我从Eclipse中运行这些工具,并作为自动构建套件的一部分。
#2
For C, I use MEMWATCH. It's really easy to use and free.
对于C,我使用MEMWATCH。它非常易于使用和免费。
I've used it to find many memory bugs in the past.
我过去用它来发现很多内存错误。
#3
I used resharper and MS TS (basically FXCop) and both of them quite usefull especially in the following areas :
我使用了resharper和MS TS(基本上是FXCop),它们都非常有用,特别是在以下方面:
- Identifying dead code
- Wide Scope
- Performance improvements (related with globalization etc.)
识别死代码
绩效改进(与全球化等有关)
Recommendations are not always great but generally improved the quality of the code.
建议并不总是很好,但通常会提高代码的质量。
#4
I'm a long term user of PC-Lint for C and C++ and find it very helpful. These tools are most useful when taking over a code base you are unfamilier with. Over time you hit a law of diminishing returns, where the number of new bugs you find tends to trail off.
我是PC-Lint for C和C ++的长期用户,并且发现它非常有用。这些工具在接管您不熟悉的代码库时非常有用。随着时间的推移,你会达到一个收益递减规律,你发现的新错误的数量往往会落后。
I always still to a full project lint on a big release.
我总是在一个重要的版本上完成一个完整的项目。
Edit: There is a nice list of relevent tools on Wikipedia here
编辑:*上有一个很好的相关工具列表
#5
I'm pretty happy with ReSharper. Not only does it give useful bits of information while coding (e.g. needless casts, apply readonly and so forth) but its refactoring features are excellent for rearranging the code very quickly.
我对ReSharper非常满意。它不仅在编码时提供有用的信息位(例如,不必要的强制转换,只读应用等),但其重构功能非常适合非常快速地重新排列代码。
It doesn't cover everything, so FxCop (or similar) is a decent addition to the toolbox. However, as Resharper gives immediate feedback, the turnaround time is really good. (I'm aware that FxCop can be run from VS, but its just not the same imo).
它并不涵盖所有内容,因此FxCop(或类似)是工具箱的一个不错的补充。然而,由于Resharper提供即时反馈,周转时间非常好。 (我知道FxCop可以从VS运行,但它只是不一样的imo)。
#6
I find analyzers somewhat useful, i use the buildin to visual studio (ex. /analyze for c/c++ and the custom rules for .net), occasionally i use stylecop and codeitright for c# mostly for guidelines how things should be.
我发现分析器有点用处,我使用buildin到visual studio(例如/分析c / c ++和.net的自定义规则),偶尔我会使用stylecop和codeitright for c#主要用于指导事情应该如何。
I don't think there is a perfect tool for everything, that finds every bug, but i think the tools help to find some bugs, not untraceable, but believe me you would spend a ton of time finding them.
我认为没有一个完美的工具可以找到所有的bug,但是我觉得这些工具有助于找到一些bug,而不是无法追踪,但相信我你会花很多时间找到它们。
Yes your code quality is SOMEWHAT better than before, but i also believe manual debugging is still needed alot. Source analyzers are not the ultimate cure they are a good medicine though. If there was a tool that you just execute it and find any kind of bugs and fixes it for you would cost millions.
是的,您的代码质量比以前更好,但我也相信还需要手动调试。尽管如此,源分析仪并不是最终的治疗方法。如果有一个工具你只是执行它并找到任何类型的错误并修复它将花费数百万美元。
Some programmers that i know swear that IBM Rational PurifyPlus is superb, but that is their opinion i just had 2-3 sessions with the tool.
我知道一些程序员发誓IBM Rational PurifyPlus非常棒,但他们认为我只有2-3次使用该工具。
But always remember one of the basic principles of programming logical errors are the hardest for find and fix, so long debugging hours are inevitable. A good code analyzer combined with unit testing may work miracles thought.
但始终记住编程逻辑错误的基本原则之一是查找和修复最难,因此长时间的调试时间是不可避免的。一个好的代码分析器结合单元测试可能会创造奇迹。
PS. i tend to produce far less errors in C# than in C++, someone may say i am wrong but although i use c++ more years than c# i find the "code it and i will take care of it" gc approach of C# far easier than c++ especially for projects you rush thing to finish at the time limit/deadline, which EVERY project is like this days...
PS。我倾向于在C#中产生比在C ++中更少的错误,有人可能会说我错了,但是我使用c ++比c#更多年,我发现“代码它我会照顾它”C#的gc方法比c ++容易得多特别是对于你在时间限制/截止日期前赶紧完成的项目,每个项目都像今天这样......