Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
There exist tools for comparing code against a custom specified set of coding guidelines/standards for a variety of languages (rather than pure static analysis for common defects). Examples include FxCop for .Net code and CheckStyle for Java, but I was wondering what examples people know of in the C++ world.
An existing question was asked regarding free tools which provided examples like Vera but I was also wondering about commercial tools that may be available.
A tool used by us was CodeWizard from Parasoft. But I think the new version is called "Parasoft C++ Test". From the homepage:
Static analysis of code for
compliance with user-selected coding
standards
Graphical RuleWizard
editor for creating custom coding
rules
Static code path simulation
for identifying potential runtime
errors
Automated code review with a
graphical interface and progress
tracking
Automated generation and
execution of unit and component-level
tests
Flexible stub framework
Full support for regression testing
Code coverage analysis with code
highlighting
Runtime memory error
checking during unit test execution
Full team deployment infrastructure
for desktop and command line usage
The full list that I managed to generate:
PRQA's QA C++
Parasoft's C++Test
MS Visual Studio Team System seems to have some functionality but it's hard to tell via their website.
GrammaTech CodeSonar
Coverity Extend
The last two provide some functionality but not particularly customisable ones:
Klocwork Insight
Rational PurifyPlus
DISCLAIMER: Working on this tool is my day job.
I'm obviously biased, but one of the main features of QA C++ is Coding Standard enforcement. For example we do JSF++ and MISRA C++ enforcement. You can read more about this here.
astyle is a common Unix tool that reformats source to a specified style. It supports most C-like languages. I know of no similar commercial tools.
I was also wondering about commercial tools that may be available.
Visual Studio Team System Edition 2005/2008 does have some such stuff. They also have a facility to enforce a set of rules on a whole team. Check it out.
I do not know whether you looking for a tool with built-in rules or want to validate against your custom rules. If it is the second, you may find it useful to implement searches for undesirable patterns based on regexp. Depending on your needs, Metrix++ http://metrixplusplus.sourceforge.net/ may offer helpful framework.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
It looks quite easy to find such a tool for Java (Checkstyle, JCSC), but I can't seem to find one for C/C++. I am not looking for a lint-like static code analyzer, I only would like to check against coding standards like variable naming, capitalization, spacing, identation, bracket placement, and so on.
The only tool I know is Vera. Haven't used it, though, so can't comment how viable it is. Demo looks promising.
Google c++lint from Google code style guide.
I'm sure this could help to some degree cxx checker. Also this tool seems to be pretty good KWStyle It's from Kitware, the guys who develop Cmake.
Not exactly what you ask for, but I've found it easier to just all agree on a coding standard astyle can generate and then automate the process.
Try nsiqcppstyle. It's a Python based coding style checker for C/C++. It's easy to extend to add your own rules.
There's a list. There is also a putative C++ frontend on splint.
I have used a tool in my work its LDRA tool suite
It is used for testing the c/c++ code but it also can check against coding standards such as MISRA etc.
Check universalindentgui on sourceforge.net.
it has many style checkers for C and you can customise the checkers.
There is cppcheck which is supported also by Hudson via the plugin of the same name.
Check Metrix++ http://metrixplusplus.sourceforge.net/. It may require some extensions which are specific for your needs.
Check out Abraxas Code Check
http://www.abxsoft.com/codchk_user.html
I'm currently working on a project with another project to write just such a tool. I looked at other static code analysis tools and decided that I could do better.
Unfortunately, the project is not yet ready to be used without fairly intimate knowledge of the code (read: it's buggy as all hell). However, we're moving fairly quickly, and hope to have a beta release within the next 8 weeks.
The project is open source - you can visit the project page, and if you want to get involved, we'd love some more external input.
I won't bore you with the details - you can visit the project page for that, but I will say one thing: Most static code analysis tools are aimed at checking your code for mistakes, and not very concerned with checking for coding guidelines. We have taken a more flexible approach that allows us to write plugiins to check for both "house rules" as well as possible bugs.
If you want any more information, please don't hesitate to contact me.
Cheers,
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 8 years ago.
Improve this question
Which tools would be most useful for analyzing a C++ codebase?
What do they cost?
Can we manage with free and trial software, or are there commercial software that is good and that we really should to pay for?
The main object would be to get an understanding of quality - memory issues etc, also to understand the code (For spotting architectural problems for example), perhaps coding standards.
Primarily statical analysis, but we are hoping to be able to run the code.
Think it needs to be "robust in the sense that it should work with code for arcane compilers.
The best free tool is your compiler's warning errors, I always use them at maximum level. The first goal should be a clean build without any cheating (eg. disabling or casting away not-understood warnings).
Visual C++ has built in Code Analysis which is good for catching some bugs and Win32 API misuse, but it's not included in the free version and is (obviously) Windows-specific. This used to be an internal Microsoft tool called Prefast - analogous to FxCop in .Net.
PC-Lint is good, but verbose and not free. If you can get a config file to trap 'useful things' and ignore the noise, that would be a big plus. Again this is for Windows, but I know there are versions for other platforms.
Take a look at:
http://www.cppdepend.com/
and a good many others:
http://www.chris-lott.org/resources/cmetrics/
http://www.locmetrics.com/alternatives.html
I've heard very good things about Valgrind. "automatically detect many memory management and threading bugs, and profile your programs in detail"
The number one stink in programs is code duplication.
You can use clone detectors to find duplicates. Many clone detectors compare just text lines for exact matches; other compare token streams and will find almost-exact matches where the differences are just changed identifiers. You can use our CloneDR to find duplication in which arbitrary langauge structures are inserted or removed, using the langauge grammar as a guide. CloneDR works for large C++ systems, as well as many other languages. At the link you can find typical clone detection reports.
A popular broad-spectrum static checker is PCLint. This checks for a variety of common coding errors predefined by the tool. I don't know how well it handles "arcane" (compilers) dialects of C++.
If you want to define custom checks, you need a full C++ front end parser and the ability to configure your checks arbitrarily. Our DMS Software Reengineering Toolkit is an engine that can be configured to accomplish this. DMS's C++ front end can be configured to handle "arcane" C++ dialects, but already covers ANSI, GCC3 and GCC4, MS Visual Studio 7 and 2005. Because DMS is a program transformation engine, it can even be used to "improve" the code quality by replacing poor constructs with better ones.
While not static analysis, test coverage tools for measuring how well you've tested your code are very helpful in assessing your code quality. Just because all your tests pass, doesn't mean you've tested well; unexercised code arguably can have any/all variety of problems.
Theres CCCC: http://cccc.sourceforge.net/ -- result of a research project on metrics.
To tell the truth, I've not found much benefit in such things. What do you hope to get?
You could try out Vigilant Sentry, which analyzes C and C++ and looks for advanced errors in your software. This includes memory or resources leaks, and crash causing memory corruption, among other things.
The small business edition is currently only $795 (by far the cheapest on the market for the value) and the enterprise is $4995. Good luck finding what you need.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I just posted this as part of a reply to a question about the "best" bug-tracking software...
Well, a tool on its own is just a tool. And while all speak of a toolchain, most just mean a loose collection of tools. Why not look for a problem tracker that "plays well with other children"? That is to say, interfaces well with your IDE, your build tool, your version control system ...
In fact, I think I'll go now and ask a question about the best linked toolchain ...
So, any comments? I would prefer replies for developing C/C++ on Linux and using FOSS (but don't let that prevent you posting Windows based answers if you think that it would help someone else). We don't need a complete chain, but maybe a few groups of linked tools are still better than totally separate "links" in the chain)
I use
Eclipse - for coding and debugging, also its plug-ins for
Doxygen for auto code-documentation
Splint and CppCheck for static code analysis
CppUnit for automated testing
Bugzilla, et all for bug tracking
CVS, Subversion, etc, for version control
Hudson - for automated builds, with plug-ins for
Doxygen for auto code-documentation
CppCheck for static code analysis
CppUnit for automated testing
Bugzilla, et all for bug tracking
CVS, Subversion, etc, for version control
I seem to be missing a tool for project management which interfaces with other "links" in the toolchain. How complete can we make it, end to end, and is there a "best" chain (or, at least, one with the most links)?
Edit: Let's not forget requirements tracking and project planning & tracking - end Edit
And has anyone every diagrammed the relationship between various tools (i.e., which interfaces to which, and in which direction; which can export in the import format of another, etc)?
G'day,
In my experience, I have found that trying to come up with a "definitive" tool chain can cause problems.
One of the worst is that it tends to force people into the "everything looks like a nail" approach to projects. That is, You've done the work to select the tools you think are suitable and you now have your tool suite.
In my experience, it is very difficult to get people to change their "canonical set" of tools for other projects once that tool set has been selected and annointed as such.
I've been doing this for over twenty years now in a variety of projects that ranged from on-board submarine sonar simulators to air-traffic control display systems to helicopter control systems. Even within the same company, different projects need different tool sets to address the various problems that are going to be encountered.
You might think that once you've selected a tool for a particular purpose then you can re-use that tool for all projects, e.g. your selection of BugZilla for bug tracking. But what if there is no suitable SMTP server available because you've got a distributed team and your mail server is internal, locked down, secure, for example.
I'd suggest that it would be better to establish a suite of possible tools from which you can select your project's tool suite from. For example, adding Trac or FogBuzz as a possible bug tracking mechanism.
A lot of things can affect your choice of tools. Off the top of my head I've got:
geographical distribution of teams,
internal lock down, i.e. no public access, of servers e.g. email, source repository, test platform, etc,
having to interface to some existing system because of a desire to reuse aspects of that system, e.g. previous teams had had VisualSourceSafe inflicted upon them,
customer insistence on the use of a particular platform,
the management team for a new project having requirements that differ from the previous management team for regular management type reports,
etc.
Having a suite of possibilities minimises the effect of "trying to squeeze a square peg into a round hole".
Anyway, you might find that you're able to trim down your suite of possibilities after a while because you can demonstrate a successful approach and so get enough traction within the company for the support of doing things the way you've previously done them.
HTH
I think the Unix philosophy militates against these kinds of tightly integrated toolchains. It's no accident that Eclipse, the first thing you mention, came from the Java world. Unix (and by extension, Linux) tends to believe less in things called "plugins" and more in sets of tools that share data stored in flat text files.
By "project management" I'm not sure if you mean something like Make or something to keep track of your team's progress. If you mean something like Make, the Unix world sorely needs a reusable Make that supports "smart recompilation" and will work with multiple compilers. The closest thing is Glenn Fowler's nmake, but that's not very close.
Regarding integrate toolsets more generally,
The best set of tools I've seen are the Advanced Software Technology tools built at AT&T. There's a most excellent book Practical Reusable Unix Software, free to download, which describes the state of play circa 1995. Since then the toolset has only gotten better and richer, but to get an overview of what the hell is going on, you really need the book. These guys started with the Unix group at Bell Labs, and what they've created is not so much a toolchain but a way of life. Joe Bob says check it out.
The other ubiquitous element in many Unix toolchains is (and this is likely to make you laugh or puke) Emacs. Although Emacs Lisp is not anyone's favorite way to write plugins or extensions, sheer accumulation over time has made Emacs into a very rich, powerful programming environment—and it talks to all sorts of other tools. I'm into simplicity, not complexity, so I try to keep to shallow water, but if you're serious about investigating toolchains for Unix, it's something to know about.
I'm looking forward to seeing more answers to your question.
Well its not FOSS but Rational supplies a complete tool chain (except for the compilers!),
You get IDEs, Class diagrams, use cases, requirements tracking, test tools, problem logging tools which integrate well all for a few thousand (or hundreds of) dollars.
None (aprt from the modeling tools) is best of breed, but, they are all pretty good and integrate well with each other.
Disclaimer:-
My "toolset" of choice is vim,make, ddd, gmail and a moleskin notebook for modeling.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a book, tool, software library, tutorial or other off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I'm looking for recommendations for open-source projects written in C++ that will help me "get my chops back". A little background:
I've been working heavily in Java for the last three years, doing a lot of back-end development and system design, but with a fair amount of work in the presentation layer stuff, too.
The last C++ projects I worked on were a Visual C++ 6 project (designed to interact with Visual Basic) for mobile devices and several projects using the GNU toolchain circa gcc versions 2.x to 3.2
I'm looking to get back up to speed on the language and learn some of the popular frameworks, specifically the basics of boost (although boost seems fairly sprawling to me, similar to the kitchen-sink feel of Spring in the java space) and test driven development in C++.
What I'm looking for:
Specific recommendations for small to mid-size open source projects to poke through and perhaps contribute to as I level my C++ skills back up. The problem domain isn't important, except that I would like to work on something in a new area to broaden my experience.
Edit:
A few people have commented that it's difficult to provide a recommendation without some indication of the problem domain I'd like to work in. So, I've decided that I'm most interested in graphics applications or games, two areas which I haven't worked in before.
If you like visual stuff, openFrameworks is a C++ Framework for doing Processing-type applications. http://www.openframeworks.cc/ I'm not sure how viable it still is, but it looked pretty cool.
It's hard to suggest something like this, you really don't have any itches you want to scratch??
I would personally be working on Unladen Swallow if I wasn't absurdly busy starting my own personal venture. Dynamic language optimisation looks pretty cool to me.
You could also look at Wt
Why not Boost itself? It's a very active project, it's right at the core of what C++ is about, and it could need some help.
You mentioned test driven development. The Boost Unit Test Framework, for example, is powerful, but IMHO suffers from extremly bad documentation. That'd be a place to start, would teach you everything there is to know about that particular part of Boost, and I am sure you could find your way into one of the Boost modules from there.
I think you're going to have to be more specific. As a quick check, I did an apt-cache showpkg libstdc++6 on my Debian squeeze system, to find all the packages that depend on the C++ library — and found 4,537 of them. Obvious examples include:
most of KDE
Firefox, Thunderbird, etc.
apt-get itself
It'd really help if you specified what field you're interested in.
You can find many projects on GitHub. If you find a nice project, you can fork it (it's like creating a local copy you can work on) and start coding. Once you have done something nice, you can make a "Pull request" to ask the guy you made your fork from to merge your work.
I like being able to commit without having to ask for an access and be able to make smalls contributions to many projects without having to contact anybody, simply with a couple of clicks.
You can also check Gitorious and Bitbucket, both site work a bit like Github.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
It looks quite easy to find such a tool for Java (Checkstyle, JCSC), but I can't seem to find one for C/C++. I am not looking for a lint-like static code analyzer, I only would like to check against coding standards like variable naming, capitalization, spacing, identation, bracket placement, and so on.
The only tool I know is Vera. Haven't used it, though, so can't comment how viable it is. Demo looks promising.
Google c++lint from Google code style guide.
I'm sure this could help to some degree cxx checker. Also this tool seems to be pretty good KWStyle It's from Kitware, the guys who develop Cmake.
Not exactly what you ask for, but I've found it easier to just all agree on a coding standard astyle can generate and then automate the process.
Try nsiqcppstyle. It's a Python based coding style checker for C/C++. It's easy to extend to add your own rules.
There's a list. There is also a putative C++ frontend on splint.
I have used a tool in my work its LDRA tool suite
It is used for testing the c/c++ code but it also can check against coding standards such as MISRA etc.
Check universalindentgui on sourceforge.net.
it has many style checkers for C and you can customise the checkers.
There is cppcheck which is supported also by Hudson via the plugin of the same name.
Check Metrix++ http://metrixplusplus.sourceforge.net/. It may require some extensions which are specific for your needs.
Check out Abraxas Code Check
http://www.abxsoft.com/codchk_user.html
I'm currently working on a project with another project to write just such a tool. I looked at other static code analysis tools and decided that I could do better.
Unfortunately, the project is not yet ready to be used without fairly intimate knowledge of the code (read: it's buggy as all hell). However, we're moving fairly quickly, and hope to have a beta release within the next 8 weeks.
The project is open source - you can visit the project page, and if you want to get involved, we'd love some more external input.
I won't bore you with the details - you can visit the project page for that, but I will say one thing: Most static code analysis tools are aimed at checking your code for mistakes, and not very concerned with checking for coding guidelines. We have taken a more flexible approach that allows us to write plugiins to check for both "house rules" as well as possible bugs.
If you want any more information, please don't hesitate to contact me.
Cheers,