69

I'm working on a project where I'm coding in C in a UNIX environment. I've been using the lint tool to check my source code. Lint has been around a long time (since 1979), can anyone suggest a more recent code analysis tool I could use ? Preferably a tool that is free.

David
  • 14,047
  • 24
  • 80
  • 101
  • 1
    See also [What is the best command-line tool to clean-up code](http://stackoverflow.com/questions/393208/what-is-the-best-command-line-tool-to-clean-up-code/) and [Recommended GCC warning options for C](http://stackoverflow.com/questions/154630/recommended-gcc-warning-options-for-c). If you have prototypes properly centralized in headers and used everywhere, then the cross-file checking that `lint` does is also done by the compiler (albeit one file at a time). – Jonathan Leffler Mar 05 '12 at 06:30
  • Voting to close as tool rec. – Ciro Santilli OurBigBook.com Jul 02 '15 at 12:16
  • PVS-Studio analyzer is now available for Linux - http://www.viva64.com/en/b/0441/ –  Nov 06 '16 at 20:23

15 Answers15

35

Don't overlook the compiler itself. Read the compiler's documentation and find all the warnings and errors it can provide, and then enable as many as make sense for you.

Also make sure to tell your compiler to treat warnings like errors so you're forced to fix them right away (-Werror on gcc). By the way, don't be fooled -Wall on gcc does not enable all warnings.

You may want to check valgrind (free!) — it "automatically detect[s] many memory management and threading bugs, and profile[s] your programs in detail." It isn't a static checker, but it's a great tool!

svec
  • 3,477
  • 2
  • 27
  • 28
  • 23
    How come this is the accepted answer? What if I want to check resource safety, like lock/unlock? The compiler cannot do anything. And valgrind is dynamic code analysis... – UmNyobe Mar 25 '13 at 09:54
16

For C code, you definitely should definitely use Flexelint. I used it for nearly 15 years and swear by it. One of the really great features it has is that warnings can be selectively turned off and on via comments in the code ("/* lint -e123*/"). This turned out to be a powerful documentation tool when you wanted to something out of the ordinary. "I am turning off warning X, therefore, there is some good reason I'm doing X."

For anybody into interesting C/C++ questions, look at some of their examples on their site and see if you can figure out the bugs without looking at the hints.

Mark Harrison
  • 297,451
  • 125
  • 333
  • 465
13

I've heard good things about clang static analyzer, which IIRC uses LLVM as it's backend. If that's implemented on your platform, that might be a good choice.

From what I understand, it does a bit more than just syntax analysis. "Automatic Bug Finding", for instance.

John Slade
  • 12,246
  • 2
  • 25
  • 20
Matthew Schinckel
  • 35,041
  • 6
  • 86
  • 121
9

You can use cppcheck. It is an easy to use static code analysis tool.
For example:
cppcheck --enable=all .
will check all C/C++ files under the current folder.

Nicolas Jean
  • 775
  • 6
  • 19
6

I recently compiled a list of all the static analysis tools I had at my disposal, I am still in the process of evaluating them all. Note, these are mostly security analysis tools.

David Bryson
  • 419
  • 4
  • 7
5

We've been using Coverity Prevent to check out C++ source code.

It's not a free tool (although I believe they offer free scanning for open source projects), but it's one of the best static analysis tools you'll find. I've heard it's even more impressive on C than on C++, but it's helped us avoid quite a number of bugs so far.

Kristof Provost
  • 26,018
  • 2
  • 26
  • 28
2

Lint-like tools generally suffer from a "false alarm" problem: they report a lot more issues than really exist. If the proportion of genuinely-useful warnings is too low, the user learns to just ignore the tool. More modern tools expend some effort to focus on the most likely/interesting warnings.

Chris Conway
  • 55,321
  • 43
  • 129
  • 155
1

You might find the Uno tool useful. It's one of the few free non-toy options. It differs from lint, Flexelint, etc. in focusing on a small number of "semantic" errors (null pointer derefs, out-of-bounds array indices, and use of uninitialized variables). It also allows user-defined checks, like lock-unlock discipline.

I'm working towards a public release of a successor tool, Orion (CONTENT NOT AVAILABLE ANYMORE)

ΦXocę 웃 Пepeúpa ツ
  • 47,427
  • 17
  • 69
  • 97
Chris Conway
  • 55,321
  • 43
  • 129
  • 155
1

You can try CppDepend, a pretty complete static analyzer available on windows and linux, throught VS Plugin, IDE or command line, and it's free for open source contributors

Dane
  • 161
  • 5
1

PC-lint/Flexelint are very powerful and useful static analysis tools, and highly configurable, though sadly not free.

When first using a tool like this, they can produce huge numbers of warnings, which can make it hard to differentiate between major and minor ones. Therefore, it is best to start using the tool on your code as early in the project as possible, and then to run it on your code as often as possible, so that you can deal with new warnings as they come up.

With continual use like this, you soon learn how to write your code in a way which confirms to the rules applied by the tool.

Because of this, I prefer tools like Lint which run relatively quickly, and so encourage continual use, rather than the more cumbersome tools which you may end up using less often, if at all.

Steve Melnikoff
  • 2,620
  • 1
  • 22
  • 24
0

Sparse is a computer software tool, already available on Linux, designed to find possible coding faults in the Linux kernel.

There are two active projects of Linux Verification Center aimed to improve quality of the loadable kernel modules.

  1. Linux Driver Verification (LDV) - a comprehensive toolset for static source code verification of Linux device drivers.
  2. KEDR Framework - an extensible framework for dynamic analysis and verification of kernel modules.
  3. Another ongoing project is Linux File System Verification that aims to develop a dedicated toolset for verification of Linux file system implementations.
manav m-n
  • 11,136
  • 23
  • 74
  • 97
0

lint is constantly updated... so why would you want a more recent one.

BTW flexelint is lint

itj
  • 1,165
  • 1
  • 11
  • 16
  • 3
    FlexeLint is a commercial product which has no development history in common with Johnson's original Unix Lint, AFAIK. A non-commercial alternative is Splint. – Chris Conway Sep 08 '08 at 14:20
0

G'day,

I totally agree with the suggestions to read and digest what the compiler is telling you after setting -Wall.

A good static analysis tool for security is FlawFinder written by David Wheeler. It does a good job looking for various security exploits,

However, it doesn't replace having a knowledgable someone read through your code. As David says on his web page, "A fool with a tool is still a fool!"

cheers,

Rob

Rob Wells
  • 36,220
  • 13
  • 81
  • 146
0

I've found that it's generally best to use multiple static analysis tools to find bugs. Every tool is designed differently, and they can find very different things from each other.

There are some good discussions in some of the talks here. It's from a conference held by the US Department of Homeland Security on static analysis.

Dominic Gurto
  • 4,025
  • 2
  • 18
  • 16
-1

There is a "-Weffc++" option for gcc which according to the Mac OS X man page will:

Warn about violations of the following style guidelines from Scott Meyers' Effective C++ book:

[snip]

I know you asked about C, but this is the closest I know of..

pauldoo
  • 18,087
  • 20
  • 94
  • 116