What tools do you use for static code analysis? [c

Posted 2020-05-11 10:37

This question on Cyclomatic Complexity made me think more about static code analysis. Analyzing code complexity and consistency is occasionally useful, and I'd like to start doing it more. What tools do you recommend (per language) for such analysis? Wikipedia has a large list of tools, but which ones have people tried before?

Edit: As David points out, this is not a completely unasked question when it comes to C/UNIX based tools.

14 answers
贼婆χ
Reply #2 · 2020-05-11 10:56

For .Net we use NDepend. It is a great tool and can be integrated into the build (we use CCNet).

http://www.ndepend.com/

HTH.

Rolldiameter
Reply #3 · 2020-05-11 10:57

I've used quite a few open-source and commercial static analysis tools across many languages and I find that the overall discussion fits under the umbrella of a concept known as technical debt (which this article goes into detail about).

However, for a quick answer, here are my favorites per language:

迷人小祖宗
Reply #4 · 2020-05-11 11:00

Checkstyle, Findbugs, and PMD all work pretty well in Java. I'm currently pretty happy with PMD running in NetBeans. It has a fairly simple GUI for managing what rules you want to run. It's also very easy to run the checker on one file, an entire package, or an entire project.

小情绪 Triste *
Reply #5 · 2020-05-11 11:00

My admins are really cheap, so I can only use really cheap tools:

1) CCCC (C / C++ Code Counter): Various results related to number of lines (vs. lines of comments, cyclomatic complexity, information flow, ...)
2) Semian: Fastest code duplication finder I ever tried.
3) LOC Metrix: Not very useful but can help to make a point.

我命由我不由天
Reply #6 · 2020-05-11 11:01

Obviously, the answer depends on the programming languages. UNO is good for C programs.

@Thomas Owens: I think you meant Splint.

劫难
Reply #7 · 2020-05-11 11:01

We use Coverity Prevent at Palm for C and C++ code analysis, and it's done a great job of uncovering some hidden bugs in our code. It also finds a lot of not likely to be hit problems, but it's easy to mark those as "will not fix" or "not a problem" in the code database that the tool generates. It is expensive, but the company occasionally does runs on open source projects and provides reports to the maintainers. They have a whitepaper about our use of the product on their site if you want to read more about our experience.
