What open source C++ static analysis tools are ava

Posted 2019-01-01 04:06

Java has some very good open source static analysis tools such as FindBugs, Checkstyle and PMD. Those tools are easy to use, very helpful, run on multiple operating systems and are free.

Commercial C++ static analysis products are available. Although having such products is great, the cost is just way too much for students and it is usually rather hard to get a trial version.

The alternative is to find open source C++ static analysis tools that will run on multiple platforms (Windows and Unix). By using an open source tool, it could be modified to fit certain needs. Finding the tools has not been an easy task.

Below is a short list of C++ static analysis tools that were found or suggested by others.

What are some other portable open source C++ static analysis tools that anyone knows of and can be recommended?

Some related links.

14 answers
唯独是你
Post #2 · 2019-01-01 04:57

We have been working on an Eclipse CDT plug-in called metriculator. It's still under development but some major metrics (e.g. LSLOC, McCabe, EfferentCoupling) are already implemented.

See http://sinv-56013.edu.hsr.ch/redmine/projects/metricular/wiki/Documentation for more details like video demonstration and documentation.

The latest nightly build is available for installation via update site at: http://sinv-56013.edu.hsr.ch/metriculator/updatesite-nightly/site/

Further Description

Metriculator statically analyzes C++ source code and generates software metrics. Metrics are implemented as Codan checkers. The analysis results can be explored in a separate view. Each metric has configurable properties (e.g. a threshold for 'max lines of code per function'). Exceeding these thresholds will report a problem and create a marker in the source code editor.

With metriculator you can:

  • analyse C++ files / folders / projects
  • define metric thresholds and enable / disable metrics using Codan's preference page
  • have problem markers in source code editors
  • explore metric results
  • export metric results as tag cloud (available as optional feature via update site)

Currently metriculator comes with the following metrics:

  • McCabe (Cyclomatic Complexity)
  • EfferentCoupling per Type
  • Logical Source Lines of Code
  • Number of Members per Type
  • Number of Parameters per Function
无色无味的生活
Post #3 · 2019-01-01 04:58

Concerning the GNU compiler, gcc already has a built-in option that enables warnings additional to those of -Wall. The option is -Weffc++ and it's about violations of some guidelines of Scott Meyers published in his books "Effective and More Effective C++".

In particular the option detects the following items:

  • Define a copy constructor and an assignment operator for classes with dynamically allocated memory.
  • Prefer initialization to assignment in constructors.
  • Make destructors virtual in base classes.
  • Have "operator=" return a reference to *this.
  • Don’t try to return a reference when you must return an object.
  • Distinguish between prefix and postfix forms of increment and decrement operators.
  • Never overload "&&", "||", or ",".
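An added example (not part of the post above) for the first two items in that list and the "operator=" item: compile it with `g++ -Weffc++ -c` to see the diagnostics on the first class. The class names `RawBuf` and `Buf` are hypothetical. The missing copy operations are the memory-safety item, since an implicit copy of an owning pointer leads to a double `delete[]`.

```cpp
#include <cstddef>
#include <cstring>

// BEFORE (hypothetical): pointer member but no copy constructor or operator=,
// and members assigned in the body instead of the initializer list.
class RawBuf {
public:
    explicit RawBuf(std::size_t n) { len_ = n; data_ = new char[n](); }
    ~RawBuf() { delete[] data_; }
private:
    std::size_t len_;
    char* data_;
};

// AFTER (hypothetical): the same class with those items addressed.
class Buf {
public:
    explicit Buf(std::size_t n) : len_(n), data_(new char[n]()) {}
    Buf(const Buf& o) : len_(o.len_), data_(new char[o.len_]) {
        std::memcpy(data_, o.data_, len_);        // deep copy
    }
    Buf& operator=(const Buf& o) {
        if (this != &o) {
            char* fresh = new char[o.len_];       // allocate before releasing
            std::memcpy(fresh, o.data_, o.len_);
            delete[] data_;
            data_ = fresh; len_ = o.len_;
        }
        return *this;                             // reference to *this
    }
    ~Buf() { delete[] data_; }
    char& at(std::size_t i) { return data_[i]; }
    const char* raw() const { return data_; }
    std::size_t size() const { return len_; }
private:
    std::size_t len_;
    char* data_;
};

// True when the copy-constructed and copy-assigned objects own their storage.
bool copies_are_independent() {
    Buf a(4), c(8);
    a.at(0) = 'x';
    Buf b(a);
    c = a;
    b.at(0) = 'y';
    return a.raw() != b.raw() && a.raw() != c.raw() && c.size() == 4 &&
           a.at(0) == 'x' && b.at(0) == 'y' && c.at(0) == 'x';
}
```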
步步皆殇っ
Post #4 · 2019-01-01 05:03

Oink is a tool built on top of the Elsa C++ front-end. Mozilla's Pork is a fork of Elsa/Oink.

See: http://danielwilkerson.com/oink/index.html

唯独是你
Post #5 · 2019-01-01 05:05

Under development for now, but clang does C analysis and is targeted to handle C++ over time. It's part of the LLVM project.

Update: While the landing page says "The analyzer is a continuous work-in-progress", it is nevertheless now documented as a static analyzer for both C and C++.

Question: How can I run GCC/Clang for static analysis? (warnings only)

Compiler option: -fsyntax-only

查无此人
Post #6 · 2019-01-01 05:05

Someone else mentioned -Weffc++, but that is actually one of the only GCC warnings I do not turn on by default. However, the set of warnings that I do turn on is the most important static analysis tool in my kit. You can see the complete list of recommended warnings.

In summary:

-pedantic -Wall -Wextra -Wcast-align -Wcast-qual -Wctor-dtor-privacy -Wdisabled-optimization -Wformat=2 -Winit-self -Wlogical-op -Wmissing-declarations -Wmissing-include-dirs -Wnoexcept -Wold-style-cast -Woverloaded-virtual -Wredundant-decls -Wshadow -Wsign-conversion -Wsign-promo -Wstrict-null-sentinel -Wstrict-overflow=5 -Wswitch-default -Wundef -Werror -Wno-unused

Note that some of these require a new version of gcc, so you may need to eliminate them from your list if you are stuck back on 4.5 or something.

低头抚发
Post #7 · 2019-01-01 05:07

Microsoft's PREFast is also available in the Windows Driver Kit. Version 7.0 is downloadable here.

The Microsoft docs state that it should only be run against driver code but this (old) blog post lays out steps to run it. Perhaps it can be integrated into a normal build process?
