Looking for Code Analysis / Checking Tool


  1. #1
    nvoigt (the hat of redundancy hat) | Joined Aug 2001 | Hannover, Germany | 3,139 posts

    Looking for Code Analysis / Checking Tool

    I'm looking for some C/C++ code analysis tools. Preferably for a Win32 platform, as our software is Win32/MFC. The tool should look for security issues like format string vulnerabilities and check code complexity, anything else would be a welcome bonus.

    The tool should be free as in "management doesn't want to pay a single dollar" ( or euro in our case ).

    There seems to be a ton of tools out there. FlawFinder looked nice, but has no Windows port, and I'll look into RATS tomorrow. Do you use such tools, and what have you experienced using them? Does anyone have recommendations?
    hth
    -nv

    She was so Blonde, she spent 20 minutes looking at the orange juice can because it said "Concentrate."

    When in doubt, read the FAQ.
    Then ask a smart question.
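To make concrete what the "format string vulnerabilities" check asked for above actually looks for, here is a small added example (not code from the thread or from FlawFinder/RATS/PC-lint): a lexical scanner that reports printf-family calls whose format argument is not a string literal. The function table and the C fragment it runs on are constructed for the example.

```python
import re

# printf-family function -> index of its format argument (constructed table; add the project's own logging wrappers)
FORMAT_ARG = {"printf": 0, "fprintf": 1, "sprintf": 1, "snprintf": 2, "syslog": 1}
CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG) + r")\s*\(")
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|[(),]|[^"(),]+')  # string literal | paren/comma | other run

def split_args(text, start):
    """Split the call whose '(' is at text[start] into its arguments on depth-1 commas;
    string literals are single tokens, so commas and parens inside them are ignored."""
    depth, args, cur = 0, [], []
    for tok in TOKEN_RE.findall(text, start):
        if tok == "(":
            depth += 1
            if depth == 1:                      # the call's own opening paren
                continue
        elif tok == ")":
            depth -= 1
            if depth == 0:                      # the call's closing paren
                args.append("".join(cur).strip())
                return args
        elif tok == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(tok)
    return args                                 # unterminated call: best effort

def find_format_string_risks(source):
    """Return (line, function, format_arg) for every call whose format argument is not
    a string literal: the lexical pattern a FlawFinder/RATS-style scanner reports."""
    findings = []
    for m in CALL_RE.finditer(source):
        func, args = m.group(1), split_args(source, m.end() - 1)
        idx = FORMAT_ARG[func]
        if idx < len(args) and not args[idx].startswith('"'):
            findings.append((source.count("\n", 0, m.start()) + 1, func, args[idx]))
    return findings

# Constructed C fragment (not from the thread) to run the checker on
SAMPLE_C = r'''char buf[64];
printf("user=%s\n", user);              /* literal format: fine */
printf(user);                           /* caller-controlled format string */
fprintf(stderr, user);                  /* same problem via fprintf */
snprintf(buf, sizeof buf, "%s", user);  /* literal format: fine */
'''
if __name__ == "__main__":
    for line, func, fmt in find_format_string_risks(SAMPLE_C):
        print(f"line {line}: {func}() format argument is not a literal: {fmt}")
```

Like the lexical tools under discussion, it has no knowledge of types or data flow, so a non-literal format that is in fact a trusted constant still gets reported and must be triaged by hand.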

  2. #2
    Salem (and the hat of wrongness) | Joined Aug 2001 | The edge of the known universe | 32,506 posts

    Let's say for example that your cost to the company is $60 per hour (that's your pre-tax salary, plus various employer taxes, your benefits and the cost of providing you with desk, chair, PC, heat, light etc).
    In 4 hours the company could have bought PC-Lint.

    How many bugs do you think one person can find in that time?

    How many bugs do you think PC-Lint will flush out the first time you run it?

    Maybe they'll buy the argument, but then again, bean-counters have some very weird maths.

    For $0, consider http://splint.org/
    But I don't think it's quite up to industrial scale use yet. Plus it can be extremely fussy over trivial details, so filtering what's important might take some getting used to.

    In an off-hand way
    http://en.wikipedia.org/wiki/List_of..._code_analysis
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  3. #3
    Dave_Sinkula (Just Lurking) | Joined Oct 2002 | 5,006 posts

    I'd definitely second PC-lint. And have pretty much the same comment for splint.
    7. It is easier to write an incorrect program than understand a correct one.
    40. There are two ways to write error-free programs; only the third one works.*

  4. #4
    brewbuck (Captain Crash) | Joined Mar 2007 | Portland, OR | 7,239 posts

    Originally posted by nvoigt:
        There seems to be a ton of tools out there. FlawFinder looked nice, but has no Windows port
    You may not need a Windows port. If it's a basic terminal app (which I figure it is), you can probably compile it completely unchanged using Cygwin. Cygwin is also free, and a great thing to have around as it allows you to use a huge variety of UNIX-targeted software on Windows.

  5. #5
    nvoigt (the hat of redundancy hat) | Joined Aug 2001 | Hannover, Germany | 3,139 posts

    Thanks for the hints, I'll have a look. Splint seems ok; I found PREfast when looking around, which seems to be worth a test, too.

    My personal opinion is that a tool like PC-lint is worth the money, but we just stretched our budget by a fair share when we bought the new VS, so I guess I will try to find a free alternative. It's better to spend the time looking for a good free tool than fighting a battle over money that I know I will lose.
    hth
    -nv
