31

This question on Cyclomatic Complexity made me think more about static code analysis. Analyzing code complexity and consistency is occasionally useful, and I'd like to start doing it more. What tools do you recommend (per language) for such analysis? Wikipedia has a large list of tools, but which ones have people tried before?

Edit: As David points out, this is not a completely unasked question when it comes to C/UNIX based tools.

Community
Chris

13 Answers

23

I have been setting up a Hudson continuous integration (CI) build system for my Objective-C iPhone projects (iOS apps), and have compiled a varied list of tools that can be used to analyze my projects during a build:

  • Clang static analyzer: free, up-to-date stand-alone tool that catches more issues than the version of Clang included with Xcode 4. Active project. -- visit http://clang-analyzer.llvm.org

  • Doxygen: free documentation generation tool that also generates class dependency diagrams. Active project -- visit http://www.doxygen.nl

  • HFCCA (header-free cyclomatic complexity analyzer): free Python script to calculate code complexity, but without header files and pre-processors. Supports output in XML format for Hudson/Jenkins builds. Active project. -- visit http://code.google.com/p/headerfile-free-cyclomatic-complexity-analyzer

  • CLOC (count lines of code): free tool to count files, lines of code, comments, and blank lines. Supports diffing, so you can see the differences between builds. Active project. -- visit http://cloc.sourceforge.net

  • SLOCcount (source lines of code count): a free tool to count lines of code and estimate the costs and time associated with a project. Does not appear to be active. -- visit http://sourceforge.net/projects/sloccount and http://www.dwheeler.com/sloccount

  • AnalysisTool: free code analysis tool that measures code complexity and also generates dependency diagrams. Not active. Does not seem to work with Xcode 4, but I would love to get it working. -- visit http://www.karppinen.fi/analysistool

albert
Steve HHH
6

For C and Objective-C, you can also use the LLVM/Clang Static Analyzer.

It's Open Source and under active development.

Jason Marcell
Chris Hanson
5

For .Net we use NDepend. It is a great tool and can be integrated to the build (we use CCNet).

http://www.ndepend.com/

HTH.

BZ.
3

For C++, I use CppCheck. It seems to work fine.

Séverin
2

I use the PMD plugin for Eclipse a lot. It's pretty nice, and very configurable. CheckStyle is also good, if you're looking for more of a style enforcer.

TimK
2

Checkstyle, Findbugs, and PMD all work pretty well in Java. I'm currently pretty happy with PMD running in NetBeans. It has a fairly simple GUI for managing what rules you want to run. It's also very easy to run the checker on one file, an entire package, or an entire project.

Bill the Lizard
2

Obviously, the answer depends on the programming languages. UNO is good for C programs.

@Thomas Owens: I think you meant Splint.

Chris Conway
1

We use Coverity Prevent at Palm for C and C++ code analysis, and it's done a great job of uncovering some hidden bugs in our code. It also finds a lot of not likely to be hit problems, but it's easy to mark those as "will not fix" or "not a problem" in the code database that the tool generates. It is expensive, but the company occasionally does runs on open source projects and provides reports to the maintainers. They have a whitepaper about our use of the product on their site if you want to read more about our experience.

Ben Combee
1

Lint is the only one I have used at a previous position. It wasn't bad, most of the things it suggested were good catches, some didn't make much sense. As long as you don't have a process in place to ensure that there are no lint errors or warnings, then it is useful to perhaps catch some otherwise hidden bugs.

Craig H
1

We use Programming Research's QAC for our C code. Works OK.

Recently we have been talking about checking out some of the more advanced and static/dynamic code analyzers like Coverity's Prevent or the analysis tool by GrammaTech.

They claim to not only do static analysis but also find runtime errors etc. One major selling point is supposed to be fewer false positives.

Johor
cschol
1

My admins are really cheap, so I can only use really cheap tools:

1) CCCC (C / C++ Code Counter): Various results related to number of lines (vs. lines of comments, cyclomatic complexity, Information flow, ...)

2) Semian: Fastest code duplication finder I ever tried.

3) LOC Metrix: Not very useful but can help to make a point.

The GG
0

The only time I've ever used one of those tools is Split (C programming language). I thought it was helpful, but I was by no means a power user and I think I barely scratched the surface of what it could do.

Thomas Owens
0

I've used quite a few open-source and commercial static analysis tools across many languages and I find that the overall discussion fits under the umbrella of a concept known as technical debt (which this article goes into detail about).

However for a quick answer, here are my favorites per language:

Andrew Thompson