9

PPI and Perl::Critic allow programmers to detect certain things in the syntax of their Perl programs.

Is there anything like it that will tokenize/parse C and give you a chance to write a script to do something with that information?

brian d foy
  • 129,424
  • 31
  • 207
  • 592
Jake
  • 211
  • 3
  • 5

4 Answers4

17

C related programs:

  • BLAST (Berkeley Lazy Abstraction Software verification Tool) — a software model checker for C programs based on lazy abstraction.

  • Clang — A compiler that includes a static analyzer.

  • Frama-C — A static analysis framework for C.

  • Sparse — A tool designed to find faults in the Linux kernel.

  • Splint — An open source evolved version of Lint (C language).

List of tools for Static Code Analysis for C (more than the list above)

13

There is an open source program called Splint:

Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

Sinan Ünür
  • 116,958
  • 15
  • 196
  • 339
11

If I remember correctly, that's what lint does.

Sinan Ünür
  • 116,958
  • 15
  • 196
  • 339
ennuikiller
  • 46,381
  • 14
  • 112
  • 137
  • 1
    Lint looks at more than just syntax, it also looks for fishy constructs like using a variable before setting them. – Ben S Dec 17 '09 at 20:03
5

It's a little off topic, but on the subject of valuable code analyzers for C is valgrind to catch dodgy memory management.

Schwern
  • 153,029
  • 25
  • 195
  • 336