What tools do you use for static code analysis?

Date: 2022-09-02 09:01:29

This question on Cyclomatic Complexity made me think more about static code analysis. Analyzing code complexity and consistency is occasionally useful, and I'd like to start doing it more. What tools do you recommend (per language) for such analysis? Wikipedia has a large list of tools, but which ones have people tried before?

Edit: As David points out, this is not a completely unasked question when it comes to C/UNIX based tools.

14 solutions

#1


23  

I have been setting up a Hudson continuous integration (CI) build system for my Objective-C iPhone projects (iOS apps), and have compiled a varied list of tools that can be used to analyse my projects during a build:

  • Clang static analyzer: free, up-to-date stand-alone tool that catches more issues than the version of Clang included with Xcode 4. Active project. -- visit http://clang-analyzer.llvm.org

  • Doxygen: free documentation generation tool that also generates class dependency diagrams. Active project -- visit http://www.stack.nl/~dimitri/doxygen

  • HFCCA (header-free cyclomatic complexity analyzer): free Python script to calculate code complexity, but without header files and pre-processors. Supports output in XML format for Hudson/Jenkins builds. Active project. -- visit http://code.google.com/p/headerfile-free-cyclomatic-complexity-analyzer

  • CLOC (count lines of code): free tool to count files, lines of code, comments, and blank lines. Supports diffing, so you can see the differences between builds. Active project. -- visit http://cloc.sourceforge.net

  • SLOCcount (source lines of code count): a free tool to count lines of code and estimate the costs and time associated with a project. Does not appear to be active. -- visit http://sourceforge.net/projects/sloccount and http://www.dwheeler.com/sloccount

  • AnalysisTool: free code analysis tool that measures code complexity and also generates dependency diagrams. Not active. Does not seem to work with Xcode 4, but I would love to get it working. -- visit http://www.karppinen.fi/analysistool

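The HFCCA entry above computes cyclomatic complexity from the source text alone, with no header files and no preprocessor run. The Python script below is an added example, not code from the page, from HFCCA or from any other tool listed here: it shows the mechanics of such a header-free analyser on a constructed C sample and turns the metric into a pass/fail check of the kind a Hudson/Jenkins job would act on. The sample source, the threshold value and the set of counted decision points are assumptions of the example.

```python
"""Cyclomatic complexity without a compiler, in the spirit of HFCCA.

Added example, not code from the page or from HFCCA: the source is scanned
as text (comments, literals and preprocessor lines removed, no #include
resolution), function bodies are located by brace matching, and each
decision point adds one to McCabe's count (CC = decisions + 1). A threshold
turns the metric into a build check.
"""
import re

# Decision points. `case` stands in for `switch` so each arm is one path;
# `default` is the path already covered by the "+ 1".
DECISION_KEYWORDS = {"if", "for", "while", "case", "catch"}
DECISION_OPERATORS = {"&&", "||", "?"}
# `name(...) {` that is control flow rather than a function definition.
CONTROL_KEYWORDS = {"if", "for", "while", "switch", "catch"}

NOISE_RE = re.compile(
    r'"(?:\\.|[^"\\])*"'      # string literal
    r"|'(?:\\.|[^'\\])*'"     # char literal
    r"|//[^\n]*"              # line comment
    r"|/\*.*?\*/",            # block comment
    re.S,
)
PREPROC_RE = re.compile(r"^[ \t]*#[^\n]*", re.M)
FUNC_HEAD_RE = re.compile(r"([A-Za-z_]\w*)\s*\([^;{}]*\)\s*(?:const\s*)?\{")
TOKEN_RE = re.compile(r"[A-Za-z_]\w*|&&|\|\||\?")


def strip_noise(src: str) -> str:
    """Blank out comments, string/char literals and preprocessor lines so a
    keyword inside them (e.g. `if` in a message string) is not counted."""
    src = NOISE_RE.sub(lambda m: '""' if m.group(0)[0] in "\"'" else " ", src)
    return PREPROC_RE.sub("", src)


def find_functions(src: str):
    """Yield (name, body) for each function definition in cleaned source."""
    pos = 0
    while True:
        m = FUNC_HEAD_RE.search(src, pos)
        if m is None:
            return
        name = m.group(1)
        if name in CONTROL_KEYWORDS:   # `if (...) {` looks like a header but is not
            pos = m.end()
            continue
        depth, i = 1, m.end()          # walk to the brace that closes the body
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield name, src[m.end():i - 1]
        pos = i                        # nested blocks were consumed with the body


def cyclomatic_complexity(body: str) -> int:
    """McCabe's number for one function body: decision points + 1."""
    decisions = sum(
        1 for tok in TOKEN_RE.findall(body)
        if tok in DECISION_KEYWORDS or tok in DECISION_OPERATORS
    )
    return decisions + 1


def analyse(src: str, threshold: int = 10):
    """Return ({function: CC}, [functions above threshold])."""
    results = {name: cyclomatic_complexity(body)
               for name, body in find_functions(strip_noise(src))}
    over = sorted(name for name, cc in results.items() if cc > threshold)
    return results, over


# Constructed sample input for the demonstration (not from the page).
SAMPLE_C = r"""
#include <stdio.h>   /* preprocessor line and comment are ignored */

static int classify(int n) {
    if (n < 0 && n != -1) { return -1; }   // "if" and "&&": two decisions
    return n > 0 ? 1 : 0;                  // "?": one decision -> CC 4
}

int dispatch(char c, int *out) {
    const char *msg = "if (x) while (y)"; /* keywords in a literal: ignored */
    switch (c) {
        case 'a': *out = 1; break;         // each case is one path
        case 'b': *out = 2; break;
        default:  *out = 0; break;
    }
    for (int i = 0; i < 3; i++) {
        if (out[0] == i || msg[i] == 'q') { return i; }
    }
    return 0;                              // 2 case + for + if + || -> CC 6
}
"""

if __name__ == "__main__":
    results, over = analyse(SAMPLE_C, threshold=5)
    for name, cc in results.items():
        print(f"{name}: CC={cc}")
    if over:
        raise SystemExit(f"complexity over threshold: {', '.join(over)}")
```

Run as a script it exits non-zero when a function exceeds the threshold, which is what makes the number useful in a build: the job fails on a named function rather than on a total. The regex-based function finder is deliberately simple (a macro that hides a brace, or a C++ template parameter list, will confuse it); that is the cost of skipping the preprocessor that the HFCCA entry above mentions.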

#2


6  

For C and Objective-C, you can also use the LLVM/Clang Static Analyzer.

It's Open Source and under active development.

#3


5  

For .Net we use NDepend. It is a great tool and can be integrated into the build (we use CCNet).

http://www.ndepend.com/

HTH.

#4


3  

For C++, I use CppCheck. It seems to work fine.

#5


2  

I use the PMD plugin for Eclipse a lot. It's pretty nice, and very configurable. CheckStyle is also good, if you're looking for more of a style enforcer.

#6


2  

Checkstyle, Findbugs, and PMD all work pretty well in Java. I'm currently pretty happy with PMD running in NetBeans. It has a fairly simple GUI for managing what rules you want to run. It's also very easy to run the checker on one file, an entire package, or an entire project.

#7


2  

Also see the question Choosing a static code analysis tool if you're looking for C/UNIX based tools.

#8


2  

Obviously, the answer depends on the programming languages. UNO is good for C programs.

@Thomas Owens: I think you meant Splint.

#9


1  

Lint is the only one I have used at a previous position. It wasn't bad; most of the things it suggested were good catches, some didn't make much sense. As long as you don't have a process in place to ensure that there are no lint errors or warnings, then it is useful to perhaps catch some otherwise hidden bugs.

#10


1  

We use Coverity Prevent at Palm for C and C++ code analysis, and it's done a great job of uncovering some hidden bugs in our code. It also finds a lot of not likely to be hit problems, but it's easy to mark those as "will not fix" or "not a problem" in the code database that the tool generates. It is expensive, but the company occasionally does runs on open source projects and provides reports to the maintainers. They have a whitepaper about our use of the product on their site if you want to read more about our experience.

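Answers #9 and #10 describe two things done by hand: a process that keeps lint errors and warnings at zero, and a findings database in which triaged issues are marked "will not fix" or "not a problem" so they stop blocking every later build. The Python below is an added example, not code from the page or from Coverity, lint or any other tool named here, showing one tool-neutral way to get both: a severity gate for the build plus a baseline of fingerprinted findings that survives line-number shifts. The colon-separated line layout, the file names and the finding text are constructed for the example (cppcheck's --template option can emit such a layout from its {file}, {line}, {severity}, {id} and {message} fields).

```python
"""A build gate for analyser findings, with a triage baseline.

Added example, not code from the page or from any tool it names. A finding
is identified by a fingerprint that ignores the line number, so an issue
that a reviewer has already marked "will not fix" stays suppressed after
unrelated edits move it, while anything new at a blocking severity still
fails the build. The input line layout is an assumption of this example.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    severity: str
    rule: str
    message: str

    def fingerprint(self) -> str:
        """Stable identity: where, which rule, what text. The line number is
        left out so edits above the finding do not make it 'new' again."""
        key = f"{self.file}\0{self.rule}\0{self.message}"
        return hashlib.sha256(key.encode()).hexdigest()[:16]


def parse_findings(text: str) -> list:
    """Parse `file:line:severity:id:message` lines (assumed layout); the
    message is the remainder and may itself contain colons."""
    findings = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        file, line, severity, rule, message = raw.split(":", 4)
        findings.append(Finding(file, int(line), severity, rule, message))
    return findings


def gate(findings, baseline, fail_on=("error", "warning")):
    """Return (blocking, stale).

    blocking: findings at a failing severity that are not in the baseline,
              i.e. the build should stop on them.
    stale:    baseline fingerprints that matched nothing this run; the
              underlying issue was fixed, so the suppression should go."""
    blocking = [f for f in findings
                if f.severity in fail_on and f.fingerprint() not in baseline]
    seen = {f.fingerprint() for f in findings}
    stale = sorted(set(baseline) - seen)
    return blocking, stale


# Constructed analyser output for the demonstration; not real tool output.
RUN_1 = """\
src/net.c:42:error:nullPointer:Possible null pointer dereference: conn
src/net.c:77:warning:uninitvar:Uninitialized variable: buf
src/util.c:10:style:unusedFunction:The function 'dbg' is never used
"""
# Same tree after an edit: net.c shifted by three lines, the uninitvar
# finding was fixed, and a new warning appeared in parse.c.
RUN_2 = """\
src/net.c:45:error:nullPointer:Possible null pointer dereference: conn
src/util.c:10:style:unusedFunction:The function 'dbg' is never used
src/parse.c:5:warning:arrayIndexOutOfBounds:Array 'hdr[4]' accessed at index 4
"""


def demo():
    """Two CI runs: triage after the first, gate the second against it."""
    first, _ = gate(parse_findings(RUN_1), baseline=set())
    # A reviewer looks at both blocking findings and accepts them; their
    # fingerprints become the baseline checked into the repository.
    baseline = {f.fingerprint() for f in first}
    blocking, stale = gate(parse_findings(RUN_2), baseline)
    return ([f.rule for f in first], [f.rule for f in blocking], len(stale))


if __name__ == "__main__":
    first_rules, blocking_rules, stale_count = demo()
    print("run 1 blocks on:", first_rules)
    print("run 2 blocks on:", blocking_rules, "| stale suppressions:", stale_count)
    raise SystemExit(1 if blocking_rules else 0)
```

The fingerprint leaves the line number out on purpose: most of the churn in a suppressed-findings list comes from edits above the finding, not from the finding itself. The `stale` list is the check that keeps the baseline honest; a suppression whose finding no longer fires should be deleted, otherwise the baseline slowly turns into a blanket allow-list.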

#11


1  

My admins are really cheap, so I can only use really cheap tools:

1) CCCC (C / C++ Code Counter): Various results related to number of lines (vs. lines of comments, cyclomatic complexity, Information flow, ...)
2) Semian: Fastest code duplication finder I ever tried.
3) LOC Metrix: Not very useful but can help to make a point.

#12


1  

We use Programming Research's QAC for our C code. Works OK.

Recently we have been talking about checking out some of the more advanced static/dynamic code analyzers like Coverity's Prevent or the analysis tool by GrammaTech.

They claim to not only do static analysis but also find runtime errors etc. One major selling point is supposed to be fewer false positives.

#13


0  

The only time I've ever used one of those tools is Split (C programming language). I thought it was helpful, but I was by no means a power user and I think I barely scratched the surface of what it could do.

#14


0  

I've used quite a few open-source and commercial static analysis tools across many languages and I find that the overall discussion fits under the umbrella of a concept known as technical debt (which this article goes into detail about).

However for a quick answer, here are my favorites per language:
