8

I develop commercial unmanaged C++ app on Visual Studio 2008, and I want to add a static-code analysis tool.

Any recommendations?

I think it would be real nice if the tool can be integrated into MSVC.

I'm thinking about PC-Lint + Visual Lint

However, I have been taking a hard look at Coverity, Understand, and Klockwork as well.

Price isnt really the issue. I want opinions from people who actually used the tool for unmanaged C++ on MSVC, and they just absolutely loved it.

Lastly, VSTS and Intel Parallel Studio now also offer static code analysis. Nice~

Note: related post suggest Coverity is the best (?) (see last 2 posts)

Cœur
  • 37,241
  • 25
  • 195
  • 267
sivabudh
  • 31,807
  • 63
  • 162
  • 228
  • Looks a duplicate to me: See . – dirkgently Apr 11 '09 at 06:07
  • It would be useful if you also outlined the kinds of analysis that you require. As someone who works for a S.A. tool vendor (not listed here :( ) it would be useful if you listed the kind of checking you want: eg. coding standard enforcement, flow analysis, design advice etc. etc. – Richard Corden Apr 14 '09 at 10:35

5 Answers5

3

Beyond all those you mentioned, VS Team Developer edition comes bundled with a nice static analysis tool called prefast. Its (obviously..) well integrated into the IDE, and accessible via the menus. Its in fact a public release of an MS internal tool - a thin version of a tool called Prefix they run on their builds. Personally, when I faced the same decision, prefast sufficed.

Ofek Shilon
  • 14,734
  • 5
  • 67
  • 101
2

I work for RedLizard building Goanna, a C++ static analysis plugin for Visual Studio. Its focus is on desktop use by a programmer. You can run it on individual files, just as you do the compiler, and it can give you results quickly.

There is a trial available. Right-click a file, select Run Goanna, and the results appear in the Visual Studio warnings list.

David Crawshaw
  • 10,427
  • 6
  • 37
  • 39
2

You can try CppDepend, a pretty complete c and c++ static analyzer, well integrated with VS 2008, 2010, 2012, 2013 and 2015.

John
  • 131
  • 4
2

I just started using cppcheck which I like very much due to the low noise.

Although it does not integrate directly with Visual Studio 2008, VS can be customized and you should be able to integrate it directly into the IDE.

Bigwave
  • 2,166
  • 1
  • 17
  • 28
Stephen Nutt
  • 3,258
  • 1
  • 21
  • 21
0

I use PVS-Studio static code analyzer. This static code analyzer good integrated with Visual Studio 2005, 2008, 2010, 2012, 2013.

It has many additional features:

  1. Verification of files which were recently modified several days ago;

  2. Verification of files by their filenames from within the text file list;

  3. version control systems integration; ability to operate fro m command line interface;

  4. «False Alarms» marking; saving and loading of analysis results;

  5. utilizing all available cores and processors;

  6. etc...

alexey
  • 622
  • 4
  • 9
  • I was not able to run with VS 2008. I got: "Compiler version 15.0.30729.1 is not supported. PVS-Studio supports Visual C++ compiler version 16 (Visual Studio 2010) and above." – Kapil Vyas Jun 15 '18 at 15:28
  • That’s true – they stopped support: https://www.viva64.com/en/b/0362/#ID0EXFAC And their older version 5.xx is not available for download. – Kapil Vyas Jun 15 '18 at 15:45