Static code analyzer: unmanaged C++ Visual Studio 2008

Time: 2022-07-02 15:08:16

I develop a commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool.

Any recommendations?

I think it would be real nice if the tool can be integrated into MSVC.

I'm thinking about PC-Lint + Visual Lint

However, I have been taking a hard look at Coverity, Understand, and Klocwork as well.

Price isn't really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it.

Lastly, VSTS and Intel Parallel Studio now also offer static code analysis. Nice~

Note: a related post suggests Coverity is the best (?) (see last 2 posts)

5 solutions

#1


I work for RedLizard building Goanna, a C++ static analysis plugin for Visual Studio. Its focus is on desktop use by a programmer. You can run it on individual files, just as you do the compiler, and it can give you results quickly.

There is a trial available. Right-click a file, select Run Goanna, and the results appear in the Visual Studio warnings list.

#2


Beyond all those you mentioned, VS Team Developer edition comes bundled with a nice static analysis tool called prefast. It's (obviously..) well integrated into the IDE, and accessible via the menus. It's in fact a public release of an MS internal tool - a thin version of a tool called Prefix they run on their builds. Personally, when I faced the same decision, prefast sufficed.

#3


You can try CppDepend, a pretty complete C and C++ static analyzer, well integrated with VS 2008, 2010, 2012, 2013 and 2015.

#4


I just started using cppcheck which I like very much due to the low noise.

Although it does not integrate directly with Visual Studio 2008, VS can be customized and you should be able to integrate it directly into the IDE.

#5


I use PVS-Studio static code analyzer. This static code analyzer is well integrated with Visual Studio 2005, 2008, 2010, 2012, 2013.

It has many additional features:

  1. Verification of files which were recently modified several days ago;
  2. Verification of files by their filenames from within the text file list;
  3. version control systems integration; ability to operate from command line interface;
  4. «False Alarms» marking; saving and loading of analysis results;
  5. utilizing all available cores and processors;
  6. etc...
