Static-code analyzer: unmanaged C++ Visual Studio

Posted 2020-07-08 01:53

Question:

I develop a commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool.

Any recommendations?

I think it would be real nice if the tool can be integrated into MSVC.

I'm thinking about PC-Lint + Visual Lint.

However, I have been taking a hard look at Coverity, Understand, and Klocwork as well.

Price isn't really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it.

Lastly, VSTS and Intel Parallel Studio now also offer static code analysis. Nice~

Note: a related post suggests Coverity is the best (?) (see last 2 posts)

Answer 1:

I work for RedLizard building Goanna, a C++ static analysis plugin for Visual Studio. Its focus is on desktop use by a programmer. You can run it on individual files, just as you do the compiler, and it can give you results quickly.

There is a trial available. Right-click a file, select Run Goanna, and the results appear in the Visual Studio warnings list.



Answer 2:

Beyond all those you mentioned, VS Team Developer edition comes bundled with a nice static analysis tool called prefast. It's (obviously) well integrated into the IDE, and accessible via the menus. It's in fact a public release of an MS internal tool - a thin version of a tool called Prefix they run on their builds. Personally, when I faced the same decision, prefast sufficed.



Answer 3:

You can try CppDepend, a pretty complete C and C++ static analyzer, well integrated with VS 2008, 2010, 2012, 2013 and 2015.



Answer 4:

I just started using cppcheck which I like very much due to the low noise.

Although it does not integrate directly with Visual Studio 2008, VS can be customized and you should be able to integrate it directly into the IDE.



Answer 5:

I use the PVS-Studio static code analyzer. This static code analyzer is well integrated with Visual Studio 2005, 2008, 2010, 2012, 2013.

It has many additional features:

  1. Verification of files which were modified in the last several days;

  2. Verification of files by their filenames from within the text file list;

  3. Version control systems integration; ability to operate from command line interface;

  4. «False Alarms» marking; saving and loading of analysis results;

  5. utilizing all available cores and processors;

  6. etc...