There is of course the wikipedia list. That list is just that, a list, and not a comparison, but one of the links on the page seems to at least partially answer your question and (very briefly) mentions a couple of the programs you listed.
Using -Wall should be a matter of course for every c developer. Also, additionally using -Wextra could be a good idea.
Splint can find other potential weaknesses in your application but in most cases (!) it prints false warnings so you have to really understand what splint means with what warning and most times you have to insert annotations like /out/ or /unused/ in your code so splint doesn't yell on you. With splint, you should filter out warnings which are not important for you, otherwise you spent too much time in analyzing and scrolling through lots of messages.
Note that these tools do only static code checking. You should use valgrind to find runtime memory leaks.
I have used splint a couple of times and found it too verbose: I disabled most of the warnings. I think that this tool may provide interesting results if you correctly annotate your code. Without code annotation, this tool is not very helpful.
I sometimes use sparse and consider it as a valuable tool. It provides a wrapper around gcc, called "cgcc". As a result, it is simple to run sparse on a program even if it contains many source files (export CC=cgcc and voilà). This program works best if you are analyzing Kernel source code.
As a sidenote, I also use pmccabe on a regular basis. pmccabe is not a static analyzer: it calculates cyclomatic complexity. It may help you find the most complex functions in your program. Those functions are likely to be error prone and hard to test.
发布评论
评论(3)
当然有维基百科列表。 该列表只是一个列表,而不是比较,而是链接之一 似乎至少部分回答了您的问题,并且(非常简短地)提到了您列出的几个程序。
There is of course the wikipedia list. That list is just that, a list, and not a comparison, but one of the links on the page seems to at least partially answer your question and (very briefly) mentions a couple of the programs you listed.
对于每个 c 开发人员来说,使用 -Wall 应该是理所当然的事情。 此外,另外使用 -Wextra 可能是一个好主意。
Splint 可以发现应用程序中的其他潜在弱点,但在大多数情况下(!)它会打印错误警告,因此您必须真正理解 splint 的含义和警告,并且大多数时候您必须插入 /out 等注释/ 或 /未使用/ 在您的代码中,这样夹板就不会对您大喊大叫。 使用夹板,您应该过滤掉对您不重要的警告,否则您会花费太多时间来分析和滚动大量消息。
请注意,这些工具仅执行静态代码检查。 您应该使用 valgrind 来查找运行时内存泄漏。
Using -Wall should be a matter of course for every c developer. Also, additionally using -Wextra could be a good idea.
Splint can find other potential weaknesses in your application but in most cases (!) it prints false warnings so you have to really understand what splint means with what warning and most times you have to insert annotations like /out/ or /unused/ in your code so splint doesn't yell on you. With splint, you should filter out warnings which are not important for you, otherwise you spent too much time in analyzing and scrolling through lots of messages.
Note that these tools do only static code checking. You should use valgrind to find runtime memory leaks.
我使用过几次夹板,发现它太冗长了:我
禁用大部分警告。 我认为这个工具可以提供
如果你正确注释你的代码,会得到有趣的结果。 无代码
注释,这个工具不是很有帮助。
我有时会使用稀疏并认为它是一个有价值的工具。 它提供
gcc 的包装,称为“cgcc”。 结果,运行起来很简单
即使程序包含许多源文件(
export瞧)。 如果您正在分析,该程序效果最好CC=cgcc
内核源代码。
顺便说一句,我也定期使用 pmccabe。 pmccabe 不是
静态分析器:计算圈复杂度。 它可能对你有帮助
找到程序中最复杂的函数。 这些功能是
可能容易出错且难以测试。
I have used splint a couple of times and found it too verbose: I
disabled most of the warnings. I think that this tool may provide
interesting results if you correctly annotate your code. Without code
annotation, this tool is not very helpful.
I sometimes use sparse and consider it as a valuable tool. It provides
a wrapper around gcc, called "cgcc". As a result, it is simple to run
sparse on a program even if it contains many source files (
exportand voilà). This program works best if you are analyzingCC=cgcc
Kernel source code.
As a sidenote, I also use pmccabe on a regular basis. pmccabe is not a
static analyzer: it calculates cyclomatic complexity. It may help you
find the most complex functions in your program. Those functions are
likely to be error prone and hard to test.