Slashdot Mirror


What is a Good Open Source Code Analysis Tool?

carlmenezes asks: "I volunteer when I can to help a poor educational institution in India with their computing needs. As you can imagine, most computers are from donations and very little money (if any) can be spent on software licensing. Therefore, the installed software is all Open Source and I do all of the software installation by myself. I have already installed Linux on 16 PCs, with Firefox. The default desktop is KDE and the kdeedu package (klettres in particular) has several loyal fans. Incidentally, the kids don't find it hard to use at all and the lack of 3D doesn't bother them in the least :) I would like to ask the community about a good source code analysis tool. I have already installed Source Navigator. Is there any other comparable open source tool?" "The analysis tools would be for those students that show more interest than the others in programming. There is a lot of source code in there for them to look at if they want to. I'm looking more at C/C++ than anything else. There are some very bright students and I would like them to be able to move beyond ordinary school programming if they feel like it. No, there is no Internet connection. I bring in the software on CDs and install it."

8 of 53 comments

  1. Use Java instead by nganju · · Score: 4, Informative

    There are two very good open source IDEs for Java, NetBeans and Eclipse (I personally prefer Eclipse).

    If you're teaching beginners how to program, Java is simpler anyway. You don't have to understand memory allocation and pointers because it's all taken care of for you. Also you can write non-object-oriented programs to start with by making all functions static.

    This way you can start with very simple programs and work your way up to introducing more advanced concepts, like object-oriented, or memory allocation etc.

    If you insist on learning with C/C++, I would lobby with the executives at a company like Borland. They usually have the power to throw a few copies your way, as long as they're convinced that it is a philanthropic effort (it makes them look good).

    --
    There are 2 kinds of people in this world. Those that can keep their train of thought,

    1. Re:Use Java instead by cariaso1 · · Score: 3, Informative

      Eclipse is excellent, but requires a decent machine.

    2. Re:Use Java instead by Anonymous Coward · · Score: 2, Informative

      Eclipse will also support C/C++ with this plugin: http://www.eclipse.org/cdt/

  2. Source Navigator is fine by ratboy666 · · Score: 2, Informative

    I find that snavigator is quite good for source analysis. If you want a "lighter" tool, cscope can be used. But snavigator also supports fortran, cobol, etc. "out of the box".

    So, I think that it's a fine tool for teaching. Most other "IDE"s tie you in to a particular system or language, which snavigator doesn't. I've used it for the Linux kernel, Solaris, and Windows (among other things).

    It's a bit slow building its cross-reference database, though, so for larger source bases you do want access to a "big" machine. You can share the results after the xref is built (the same is possible with cscope).

    Good luck with your project!

    Ratboy.

    --
    Just another "Cubible(sic) Joe" 2 17 3061

  3. Cscope, Lint by n1ywb · · Score: 5, Informative

    From the Cscope web site:

    Cscope is a developer's tool for browsing source code. It has an impeccable Unix pedigree, having been originally developed at Bell Labs back in the days of the PDP-11. Cscope was part of the official AT&T Unix distribution for many years, and has been used to manage projects involving 20 million lines of code!

    In April, 2000, thanks to the Santa Cruz Operation, Inc. (SCO) (since merged with Caldera), the code for Cscope was open sourced under the BSD license.

    • Allows searching code for:
    • all references to a symbol
    • global definitions
    • functions called by a function
    • functions calling a function
    • text string
    • regular expression pattern
    • a file
    • files including a file
    • Curses based (text screen)
    • An information database is generated for faster searches and later reference
    • The fuzzy parser supports C, but is flexible enough to be useful for C++ and Java, and for use as a generalized 'grep database' (use it to browse large text documents!)
    • Has a command line mode for inclusion in scripts or as a backend to a GUI/frontend
    • Runs on all flavors of Unix, plus most monopoly-controlled operating systems.

    From the Splint (a modern version of Lint) web site:

    Splint[1] is a tool for statically checking C programs for security vulnerabilities and programming mistakes. Splint does many of the traditional lint checks including unused declarations, type inconsistencies, use before definition, unreachable code, ignored return values, execution paths with no return, likely infinite loops, and fall through cases. More powerful checks are made possible by additional information given in source code annotations. Annotations are stylized comments that document assumptions about functions, variables, parameters and types. In addition to the checks specifically enabled by annotations, many of the traditional lint checks are improved by exploiting this additional information.

    As more effort is put into annotating programs, better checking results. A representational effort-benefit curve for using Splint is shown in Figure 1. Splint is designed to be flexible and allow programmers to select appropriate points on the effort-benefit curve for particular projects. As different checks are turned on and more information is given in code annotations the number of bugs that can be detected increases dramatically.

    Problems detected by Splint include:

    • Dereferencing a possibly null pointer (Section 2);
    • Using possibly undefined storage or returning storage that is not properly defined (Section 3);
    • Type mismatches, with greater precision and flexibility than provided by C compilers (Section 4.1-4.2);
    • Violations of information hiding (Section 4.3);
    • Memory management errors including uses of dangling references and memory leaks (Section 5);
    • Dangerous aliasing (Section 6);
    • Modifications and global variable uses that are inconsistent with specified interfaces (Section 7);
    • Problematic control flow such as likely infinite loops (Section 8.3.1), fall through cases or incomplete switches (Section 8.3.2), and suspicious statements (Section 8.4);
    • Buffer overflow vulnerabilities (Section 9);
    • Dangerous macro implementations or invocations (Section 11); and
    • Violations of customized naming conventions (Section 12).

    --
    -73, de n1ywb
    www.n1ywb.com

  4. valgrind by yamla · · Score: 4, Informative

    valgrind and associated add-ons are absolutely amazing and quite useful for C and C++ programming.

    Nobody should be caught dead writing C++ programs without at least knowing about Boost's libraries. Not really analysis tools but useful nevertheless.

    --

    Oceania has always been at war with Eastasia.

  5. linux cross reference by StyXman · · Score: 4, Informative

    lxr (http://lxr.linux.no/) was developed with the kernel in mind, but now it works with any C, C++, python, perl and other languages (those supported by exuberant-ctags). I used it in several projects and, in conjunction with tabbed browsing, I think it's all I need. Dependencies are: mysql, perl, apache, exuberant-ctags.

  6. gcc -Wall by oo_waratah · · Score: 2, Informative

    The gcc compiler has quite a number of checks built into it. For example, uninitialised variable checks if you use -Wuninitialized. A good first pass on code is to compile with -Wall and clean up the problems reported.

    You might want to read Steve McConnell on writing solid code to see a full explanation as to why.
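To make the Splint checks listed in comment 3 and the gcc -Wall pass in comment 6 concrete, here is an added example (not code from the thread or from either project): one small C lookup function in a defect-prone form beside a hardened form carrying Splint annotations. The name table, function names and the OUT_LEN buffer size are constructed for the example.

```c
/* Added example, not code from the thread: a small C lookup in a defect-prone
 * form beside a hardened, Splint-annotated form (name table constructed).
 * Splint annotations are stylized comments, so plain gcc compiles this. */
#include <string.h>
#define OUT_LEN 8
static const char *const NAMES[] = { "alice", "bob", "carol" };
#define NAME_COUNT (sizeof NAMES / sizeof NAMES[0])

/* Defect-prone: `idx` stays unset when nothing matches (gcc -Wall, Splint use
 * before definition), strcpy has no bound on `out`, NULL `who` reaches strcmp. */
int find_name_unchecked(const char *who, char *out)
{
    size_t i, idx;
    for (i = 0; i < NAME_COUNT; i++)
        if (strcmp(NAMES[i], who) == 0)
            idx = i;
    strcpy(out, NAMES[idx]);
    return (int)idx;
}

/* Hardened: annotations say `who` may be NULL and `out` is write-only storage
 * this function defines; an explicit bound and an initialized `found` remove
 * the defects. Returns the index, -1 if absent/bad args, -2 if it won't fit. */
int find_name_checked(/*@null@*/ const char *who,
                      /*@out@*/ char *out, size_t out_len)
    /*@modifies *out@*/
{
    size_t i;
    int found = -1;
    if (who == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < NAME_COUNT && found < 0; i++)
        if (strcmp(NAMES[i], who) == 0)
            found = (int)i;
    if (found < 0)
        return -1;
    if (strlen(NAMES[found]) >= out_len)
        return -2;                          /* refuse instead of overflowing */
    strcpy(out, NAMES[found]);
    return found;
}

/* Runs the hardened lookup into a fixed buffer treated as `out_len` bytes. */
int lookup_status(const char *who, size_t out_len)
{
    char out[OUT_LEN];
    return find_name_checked(who, out, out_len < OUT_LEN ? out_len : OUT_LEN);
}
```

Running `splint` over the file reports the unchecked version's possibly null dereference, use before definition and unbounded strcpy; `gcc -Wall` catches the uninitialized `idx` on its own.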