Good static code analysis tools for C++?

[ethankaminski]

Hey, I'm interested in starting to use static code analysis on my projects, and I wonder if anyone has any recommendations on the matter.

I'm using Linux as my development environment, I intend to stick with commandline tools, I'll probably stick with free (gratis) tools for now, and I prefer free (libre) tools as well. Of course, it may still be useful to mention tools that don't fit that profile, for the sake of others, even if I'm unlikely to use them.

After poking around a bit (and looking at Wikipedia's list), it seems like cppcheck and cpplint are worth trying. cpplint just tries to enforce compatibility with Google's style conventions, which seems potentially useful; whereas cppcheck seems to check for actual code problems that would go unnoticed if left to the compiler. I think I'll have to filter the output of cpplint to ignore conventions that I choose not to follow, and to ignore conventions of Google's that differ from Ogre's. I may also have to filter cppcheck's output if it ends up warning me about Ogre-related code, although hopefully that wouldn't be an issue.

Of course, since I'm using gcc, I should also try compiling with -Wall and -Werror (I've already encountered one release build-only segfault that would've been caught that way!).

Anyway, just wondering if anyone with more experience in the matter has come up with a better solution than what I'm planning.

[Jabberwocky]

I've used cppcheck and I recommend it.
There may be some false positives depending on your coding style. But it's worth slogging through all the warnings - you'll likely find many bugs or style issues that should be fixed up.

[masterfalcon]

+1 for cppcheck. I have a big batch of fixes for Ogre from it. Waiting for post 1.8 release though.

[saejox]

let me answer this for future reference.
dont just use one tool. they all check for diffrent type of errors.
here are my recommendations

/analyze in VC++
cppcheck
eclipse static analysis (works very good, i am surprised, it found lots of errors /analyze and cppcheck missed)
clang ( setup is a bitch, nevertheless very much worth it)

most paid tools are not even good as cppcheck. i tested many.

[nickG]

You can use PVS-Studio

[Miscreant]

I'll third cppcheck, plus clang is also very good. Clang setup on Windows is a bitch but seemed pretty easy on Linux - just install and substitute "g++" and "gcc" in your project build options for "clang++" and "clang" respectively.

[Andrey_Karpov]

CppCat - new plugin for Visual Studio 2010-2013. CppCat is a lite static code analyzer for C/C++. Visual Studio gallery: http://bit.ly/1acLXh0

[James_Carter]

You can test CppDepend, it's free for the open source community. and it integrate also cppcheck tool.