28  

As Dan Fego pointed out, GCC can catch unused variables and unused static functions. It won't normally find unused extern functions as it normally works one source file at a time.

正如Dan Fego指出的，GCC可以捕获未使用的变量和未使用的静态函数。它通常不会发现未使用的外部函数，因为它通常一次只处理一个源文件。

GCC (v4.3.2) has hundreds if not thousands of options. One that might help is '--combine' to combine source files (as long as you're not in the habit of putting the same function or variable names inside different source files).

GCC (v4.3.2)有数百甚至数千个选项。一个可能有用的方法是“-combine”来组合源文件(只要您没有将相同的函数或变量名放在不同的源文件中)。

The option '--help' tells you more; the options '--help=optimizers' and '--help=warnings' each give you a couple hundred lines of output. The warnings include:

选项“帮助”告诉你更多;选项“帮助=优化器”和“帮助=警告”分别提供了数百行输出。这些警告包括:

-Wunused                    This switch lacks documentation
-Wunused-function           Warn when a function is unused
-Wunused-label              This switch lacks documentation
-Wunused-macros             Warn about macros defined in the main file that
                            are not used
-Wunused-parameter          Warn when a function parameter is unused
-Wunused-value              Warn when an expression value is unused
-Wunused-variable           Warn when a variable is unused

Added: this is a script called glint that I use to sanitize my code. It is quite old so it doesn't use the '#!/bin/sh' notation for the first line and it says '$*' instead of '"$@"', both of which should be fixed, but neither needs to be fixed urgently. Note that even though GCC 4.x no longer supports the '-fwriteable-strings' option, it still supports the '-Wwrite-strings' option and that has value.

添加:这是一个名为glint的脚本，我使用它来清理代码。它很老，所以不使用#!第一行的/bin/sh'表示法，它说'$*'而不是' '$ @ ' '，两者都应该是固定的，但都不需要紧急修复。注意，即使GCC 4。x不再支持“-fwriteable-strings”选项，它仍然支持“-Wwrite-strings”选项，该选项有价值。

This script demonstrates that you can get a lot of mileage out of existing tools with just a small amount of work. You can configure just about every option it uses - albeit mainly via the environment rather than the command line. Of course, you can add extra warning options to the command line; what you can't do is remove predetermined options except via the environment. But that's OK; they're chosen by default for good reasons. These days, I'd probably set 'GLINT_ANSI=-std=c99' or fix the script; I've not been using it much of late since I code fairly closely to the standard that glint enforces. (Note that the '-o /dev/null' means that you can only do one file at a time; hack to fix!)

这个脚本演示了使用现有的工具只需要少量的工作就可以获得很多好处。您可以配置它使用的几乎所有选项——尽管主要是通过环境而不是命令行。当然，您可以向命令行添加额外的警告选项;除了通过环境，您不能删除预先确定的选项。但是没关系;他们的选择是默认的。这些天，我可能会设置“GLINT_ANSI=-std=c99”或修改脚本;由于我的代码与glint执行的标准非常接近，所以我最近没有使用它。(注意，'-o /dev/null'表示一次只能做一个文件;黑客解决!)

:   "@(#)$Id: glint.sh,v 1.5 2002/08/09 21:40:52 jleffler Exp jleffler $"
#
#   Use GCC as excruciatingly pedantic lint
#   Not a complete replacement for lint -- it doesn't do inter-file checking.
#   Now configurable via the environment.
#   Use GLINT_EXTRA_FLAGS to set extra flags via the environment.
#   NB: much Solaris code won't work with -undef enabled.

: ${GLINT_GCC:='gcc'}

: ${GLINT_ANSI='-ansi'}
: ${GLINT_FNO_COMMON='-fno-common'}
: ${GLINT_FSHORT_ENUMS='-fshort-enums'}
: ${GLINT_PEDANTIC='-pedantic'}
: ${GLINT_UNDEF='-undef'}
: ${GLINT_W='-W'}
: ${GLINT_WAGGREGATE_RETURN='-Waggregate-return'}
: ${GLINT_WALL='-Wall'}
: ${GLINT_WCAST_ALIGN='-Wcast-align'}
: ${GLINT_WCAST_QUAL='-Wcast-qual'}
: ${GLINT_WCONVERSION='-Wconversion'}
: ${GLINT_WMISSING_DECLARATIONS='-Wmissing-declarations'}
: ${GLINT_WREDUNDANT_DECLS='-Wredundant-decls'}
: ${GLINT_WMISSING_PROTOTYPES='-Wmissing-prototypes'}
: ${GLINT_WNESTED_EXTERNS='-Wnested-externs'}
: ${GLINT_WPOINTER_ARITH='-Wpointer-arith'}
: ${GLINT_WSHADOW='-Wshadow'}
: ${GLINT_WSTRICT_PROTOTYPES='-Wstrict-prototypes'}
: # ${GLINT_WTRADITIONAL='-Wtraditional'}
: ${GLINT_WWRITE_STRINGS='-Wwrite-strings'}

exec ${GLINT_GCC} \
    ${GLINT_ANSI} \
    ${GLINT_FNO_COMMON} \
    ${GLINT_FSHORT_ENUMS} \
    ${GLINT_PEDANTIC} \
    ${GLINT_UNDEF} \
    ${GLINT_WAGGREGATE_RETURN} \
    ${GLINT_WALL} \
    ${GLINT_WCAST_ALIGN} \
    ${GLINT_WCAST_QUAL} \
    ${GLINT_WCONVERSION} \
    ${GLINT_WMISSING_DECLARATIONS} \
    ${GLINT_WREDUNDANT_DECLS} \
    ${GLINT_WMISSING_PROTOTYPES} \
    ${GLINT_WNESTED_EXTERNS} \
    ${GLINT_WPOINTER_ARITH} \
    ${GLINT_WSHADOW} \
    ${GLINT_WSTRICT_PROTOTYPES} \
    ${GLINT_WTRADITIONAL} \
    ${GLINT_WWRITE_STRINGS} \
    ${GLINT_W} \
    ${GLINT_EXTRA_FLAGS} \
    -o /dev/null -O4 -g -c $*

14  

Lint is the classic tool for checking style on C programs. There's more modern incarnation of it called Splint. This Wikipedia entry has a list of static code analysis tools, some free, some commercial.

Lint是检查C程序样式的经典工具。更现代的版本叫做夹板。这个Wikipedia条目有一个静态代码分析工具列表，有些是免费的，有些是商业的。

10  

Although I am sure that this is not a comprehensive list of static code analysis tools, here are my impressions of some different ones that I've worked with in the past. (I work mostly with C.)

尽管我确信这不是一个静态代码分析工具的全面列表，但以下是我对过去使用过的一些不同工具的印象。(我主要和c一起工作。)

1. Splint: I often use Splint because it is available for many GNU/Linux distributions. It is relatively easy to work with; however, it tends to be overwhelming when operating under the strictest setting. Moreover, the sometimes-necessary use of annotations can clutter and obfuscate easily-readable code. Regardless, I suggest using it.

   夹板:我经常使用夹板，因为它适用于许多GNU/Linux发行版。相对来说比较容易处理;然而，在最严格的环境下运行时，它往往是压倒性的。此外，有时必要的注释使用可能会使易于阅读的代码变得混乱和混乱。无论如何，我建议使用它。

2. Uno: Uno is definitely a promising, but it is not as rigorous as Splint (by design). Instead, it focuses on the clarity and usefulness of its warnings. For me, Uno is only useful as a supplement to Splint (to clearly point out warnings hidden among the comparatively many that Splint issues).

   Uno: Uno绝对是一个有前途的公司，但它没有夹板那么严格(按照设计)。相反，它关注的是其警告的清晰性和实用性。对我来说，Uno只是作为对夹板的补充(明确指出在相对较多的夹板问题中隐藏的警告)。

3. PC-lint: I find that PC-lint is unwieldy for a proprietary program. I once used it when developing for MS-DOS and cryptic names it uses for its errors made it very difficult to use. From what I hear, there are many better products to use on MS-DOS.

   PC-lint:我发现PC-lint对于一个私有程序来说很笨拙。我曾经在为MS-DOS开发时使用过它，它用于错误的神秘名称使它很难使用。据我所知，在MS-DOS上有许多更好的产品。

4. Pscan: (Dead hyperlink) Pscan is great for finding format string vulnerabilities! As with Uno, I suggest using it as a supplement to Splint.

   Pscan:(死超链接)Pscan是查找格式字符串漏洞的好工具!和Uno一样，我建议使用它作为夹板的补充。

If you do not work with C, you may also want to check out: Wikipedia - List of tools for static code analysis, Inspection/Review Tools, Source/Binary Code Static Analyzers, and Source Code Security Analyzers.

如果您不使用C，您可能还想检查:Wikipedia—用于静态代码分析、检查/检查工具、源代码/二进制代码静态分析器和源代码安全分析器的工具列表。

6  

If you run gcc with -Wall, it'll catch some of the things you mention, such as unused variables (and perhaps unused functions). In terms of optimizations, I don't, though in general the compiler is smart enough to make the kinds of optimizations that matter, so I wouldn't worry too much. Just don't use horrible algorithms. ;-)

如果您使用-Wall运行gcc，它将捕获您提到的一些东西，比如未使用的变量(可能还有未使用的函数)。就优化而言，我不这么认为，不过一般来说，编译器足够聪明，可以进行重要的优化，所以我不会太担心。不要使用可怕的算法。:-)

3  

splint (http://www.splint.org/) is quite excellent; I've used it on megaline codes to look for this sort of thing,

夹板(http://www.splint.org/)相当出色;我把它用在超大码上寻找这类东西，

(Updated: everybody wants to be an art director.)

(更新:每个人都想成为艺术总监。)

0  

How about to use a profiler and find what code is running the most, and focus in on those parts.

如何使用剖析器并找出运行最多的代码，并关注这些部分。

Maybe gprof can help out?

也许gprof可以帮忙?

/Johan

/约翰

Edit: Or since you talked about cleanup, invert my answer above and remove the code that never executes.

编辑:或者既然您谈到了清理，请将我的答案转化为上面的答案，并删除不执行的代码。