serhiikarasov / filcompare
License: MIT License
cppclean - Open source static analyzer focused on finding problems in C++ source that slow development of large code bases.
$ pip install --upgrade cppclean
$ cppclean --include-path=directory1 --include-path=directory2
Name | Option | Compiler |
---|---|---|
Stack-based buffer overrun protection | -fstack-protector -fstack-protector-all | gcc |
GOT Table Protection | -Wl,-z,relro | gcc |
Dynamic link path | -Wl,--disable-new-dtags,--rpath [path] | gcc |
Non-executable stack | -Wl,-z,noexecstack | gcc |
Image randomization | -fpie -pie | gcc |
Insecure C runtime function detection | -D_FORTIFY_SOURCE=2 -Wformat-security | gcc |
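To confirm that a built binary actually carries three of the protections in the table (image randomization, non-executable stack, RELRO), the ELF headers can be inspected directly. This is an added example, not code from the filcompare project; `inspect_elf64`, `seg` and `make_sample` are hypothetical names, and it assumes Linux `<elf.h>` and an ELF64 image in host byte order.

```cpp
#include <elf.h>
#include <cstdint>
#include <cstring>
#include <vector>

// valid: parsed as ELF64 in host byte order; pie: ET_DYN image (-fpie -pie);
// nx_stack: PT_GNU_STACK without PF_X (-z noexecstack); relro: PT_GNU_RELRO (-z relro).
struct Hardening { bool valid = false, pie = false, nx_stack = false, relro = false; };

Hardening inspect_elf64(const std::vector<unsigned char>& img) {
    Hardening h;
    Elf64_Ehdr eh;
    if (img.size() < sizeof eh) return h;
    std::memcpy(&eh, img.data(), sizeof eh);
    if (std::memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64 ||
        eh.e_phentsize != sizeof(Elf64_Phdr)) return h;
    // Bounds-check the program header table before reading it.
    const uint64_t table = uint64_t(eh.e_phnum) * sizeof(Elf64_Phdr);
    if (eh.e_phoff > img.size() || table > img.size() - eh.e_phoff) return h;
    h.valid = true;
    h.pie = (eh.e_type == ET_DYN);  // note: shared objects are ET_DYN too
    for (unsigned i = 0; i < eh.e_phnum; ++i) {
        Elf64_Phdr ph;
        std::memcpy(&ph, img.data() + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_GNU_STACK) h.nx_stack = !(ph.p_flags & PF_X);
        if (ph.p_type == PT_GNU_RELRO) h.relro = true;
    }
    return h;
}

// Constructed sample input: a header-only ELF64 image, not a real binary.
Elf64_Phdr seg(uint32_t type, uint32_t flags) { Elf64_Phdr p{}; p.p_type = type; p.p_flags = flags; return p; }
std::vector<unsigned char> make_sample(uint16_t type, const std::vector<Elf64_Phdr>& ph) {
    Elf64_Ehdr eh{};
    std::memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_type = type;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = static_cast<uint16_t>(ph.size());
    std::vector<unsigned char> img(sizeof eh + ph.size() * sizeof(Elf64_Phdr));
    std::memcpy(img.data(), &eh, sizeof eh);
    if (!ph.empty()) std::memcpy(img.data() + sizeof eh, ph.data(), ph.size() * sizeof(Elf64_Phdr));
    return img;
}

int main() { return inspect_elf64(make_sample(ET_DYN, {seg(PT_GNU_STACK, PF_R | PF_W)})).nx_stack ? 0 : 1; }
```

A missing PT_GNU_STACK segment is reported as `nx_stack == false`, which is the conservative reading. The stack protector and `_FORTIFY_SOURCE` rows are not covered here because they show up in the symbol table rather than the program headers.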
how to: http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html
example
~/clang/build/bin/clang-check code.cpp -ast-dump --
Bloaty McBloatface
Bloaty McBloatface is a binary size analyzer/profiler for unix-like platforms
Metrix++ can identify and report on the most complex sections of your code. Reducing complex code helps you and the compiler understand it better and optimize it better.
Valgrind
Valgrind is a runtime code analyzer that can detect memory leaks, race conditions, and other associated problems. It is supported on various Unix platforms.
Heaptrack
A profiler created by a Valgrind's Massif developer. Quite similar to Massif, with pros and cons over it, but far more intuitive.
Hotspot - An intuitive front-end to visualize data produced by the perf CPU profiler.
uftrace - Can be used to generate function call graphs of a program execution.
OCLint is a free, libre and open source static code analysis tool for improving quality of C++ code in many different ways.
CppDepend Simplifies managing a complex C/C++ code base by analyzing and visualizing code dependencies, by defining design rules, by doing impact analysis, and comparing different versions of the code. It's free for OSS contributors.
add_custom_target(
DependencyGraph
COMMAND cmake --graphviz=DependencyGraph.dot .
COMMAND dot -Tsvg DependencyGraph.dot -o DependencyGraph.svg
WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
mkdir graphviz
cd graphviz/
cmake --graphviz=graph ..
Finding unused headers does not work with -j more than 1.
pahole generates data on holes in the packing of data structures and classes in compiled code. It can also show the size of structures and how they fit within the system's cache lines.
GCC / Clang
-Wall -Wextra -Wshadow -Wnon-virtual-dtor -pedantic
-Wall -Wextra reasonable and standard
-Wshadow warn the user if a variable declaration shadows one from a parent context
-Wnon-virtual-dtor warn the user if a class with virtual functions has a non-virtual destructor. This helps catch hard to track down memory errors
-Wold-style-cast warn for c-style casts
-Wcast-align warn for potential performance problem casts
-Wunused warn on anything being unused
-Woverloaded-virtual warn if you overload (not override) a virtual function
-Wpedantic (all versions of GCC, Clang >= 3.2) warn if non-standard C++ is used
-Wconversion warn on type conversions that may lose data
-Wsign-conversion (Clang all versions, GCC >= 4.3) warn on sign conversions
-Wmisleading-indentation (only in GCC >= 6.0) warn if indentation implies blocks where blocks do not exist
-Wduplicated-cond (only in GCC >= 6.0) warn if if / else chain has duplicated conditions
-Wduplicated-branches (only in GCC >= 7.0) warn if if / else branches have duplicated code
-Wlogical-op (only in GCC) warn about logical operations being used where bitwise were probably wanted
-Wnull-dereference (only in GCC >= 6.0) warn if a null dereference is detected
-Wuseless-cast (only in GCC >= 4.8) warn if you perform a cast to the same type
-Wdouble-promotion (GCC >= 4.6, Clang >= 3.8) warn if float is implicitly promoted to double
-Wformat=2 warn on security issues around functions that format output (i.e. printf)
-Wlifetime (only special branch of Clang currently) shows object lifetime issues
Consider using -Weverything and disabling the few warnings you need to on Clang
-Weffc++ warning mode can be too noisy, but if it works for your project, use it also.
There should be a test enabled for every feature or bug fix that is committed. See also Code Coverage Analysis. These are tests that are higher level than unit tests. They should still be limited in scope to individual features.
git@github.com:JossWhittle/FlintPlusPlus.git
../FlintPlusPlus/bin/deb64/flint++ -r src/*cpp -v
If your project accepts user defined input, consider running a fuzzy input tester.
These tools use coverage reporting to find new code execution paths and try to breed novel inputs for your code. They can find crashes, hangs, and inputs you didn't know were considered valid.
american fuzzy lop
LibFuzzer
KLEE - Can be used to fuzz individual functions
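A fuzz target for the coverage-guided tools above, as an added example that is not part of the filcompare project: the record format and the names `parse_records`, `serialize_records` and `count_records` are hypothetical. The target checks a round-trip property, so the fuzzer flags accepted-but-misparsed inputs as well as crashes.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Hypothetical input format: a sequence of [1-byte length][payload] records.
bool parse_records(const uint8_t* data, size_t size, std::vector<std::string>& out) {
    size_t pos = 0;
    while (pos < size) {
        const size_t len = data[pos++];
        if (len > size - pos) return false;  // declared length runs past the buffer
        out.emplace_back(reinterpret_cast<const char*>(data + pos), len);
        pos += len;
    }
    return true;
}

// Inverse of parse_records, used by the fuzz target as an oracle.
std::vector<uint8_t> serialize_records(const std::vector<std::string>& recs) {
    std::vector<uint8_t> out;
    for (const std::string& r : recs) {
        out.push_back(static_cast<uint8_t>(r.size()));
        out.insert(out.end(), r.begin(), r.end());
    }
    return out;
}

// Convenience wrapper: number of records parsed, or -1 if the input is rejected.
int count_records(const std::vector<uint8_t>& in) {
    std::vector<std::string> recs;
    return parse_records(in.data(), in.size(), recs) ? static_cast<int>(recs.size()) : -1;
}

// libFuzzer entry point: called once per generated input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    std::vector<std::string> recs;
    if (parse_records(data, size, recs)) {
        // Property: every accepted input must round-trip byte for byte.
        // Trapping makes the fuzzer record the offending input as a crash.
        if (serialize_records(recs) != std::vector<uint8_t>(data, data + size)) __builtin_trap();
    }
    return 0;
}
```

Build with `clang++ -g -fsanitize=fuzzer,address` so that libFuzzer supplies `main` and AddressSanitizer turns out-of-bounds reads in the parser into reportable crashes.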
add reading of extended attributes https://man7.org/linux/man-pages/man2/getxattr.2.html
These tools take code executed during unit test runs and mutate the executed code. If the test continues to pass with a mutation in place, then there is likely a flawed test in your suite.
Dextool Mutate
MuCPP
mull
CCMutator
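What a surviving mutant looks like in practice, as an added example that is not taken from any of the tools listed: the bounds check `index_ok`, its mutant, and the two test suites are all hypothetical. The mutation is the kind of relational-operator swap these tools generate, applied here to an index check where it creates an off-by-one.

```cpp
#include <cstddef>
#include <cstdio>

// Hypothetical function under test: may index i be used on a buffer of n elements?
bool index_ok(std::size_t i, std::size_t n) { return i < n; }

// Mutant: the relational operator `<` is replaced by `<=`, which would
// let the one-past-the-end index through.
bool index_ok_mutant(std::size_t i, std::size_t n) { return i <= n; }

using Check = bool (*)(std::size_t, std::size_t);

// Weak suite: only probes values far from the boundary.
bool weak_suite(Check f) { return f(0, 8) && f(3, 8) && !f(100, 8); }

// Strong suite: adds the boundary cases i == n - 1 and i == n.
bool strong_suite(Check f) { return weak_suite(f) && f(7, 8) && !f(8, 8); }

// A mutant is killed when the suite fails on it; a surviving mutant
// points at a gap in the suite.
bool killed(bool (*suite)(Check), Check mutant) { return !suite(mutant); }

int main() {
    std::printf("weak suite kills mutant:   %d\n", killed(weak_suite, index_ok_mutant));
    std::printf("strong suite kills mutant: %d\n", killed(strong_suite, index_ok_mutant));
}
```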
$ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .
clang-modernize src/*.cpp -for-compilers=gcc-4.8 -include include -p compile_commands.json
The command "if [ "${BUILD_ONLY}" != "1" ]; then ctest; fi" exited with 0.
0.34s$ if [ "${COVERAGE}" = "1" ]; then bash <(curl -s https://raw.githubusercontent.com/codecov/codecov-bash/master/codecov) -x $GCOV -a "-s pwd
" ; fi
Bash-tbd
==> Travis CI detected.
project root: .
Yaml not found, that's ok! Learn more at http://docs.codecov.io/docs/codecov-yaml
==> Running gcov in . (disable via -X gcov)
==> Python coveragepy not found
==> Searching for coverage reports in:
+ .
--> No coverage report found.
Please visit http://docs.codecov.io/docs/supported-languages
The command "if [ "${COVERAGE}" = "1" ]; then bash <(curl -s https://raw.githubusercontent.com/codecov/codecov-bash/master/codecov) -x $GCOV -a "-s pwd
" ; fi" exited with 0.
CNCC
Customizable Naming Convention Checker can report on identifiers in your code that do not follow certain naming conventions.
LLVM based tools work best with a build system (such as cmake) that can output a compile command database, for example:
$ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .
clang-tidy: -extra-arg=-std=c++11
cpp-check: cppcheck: error: unrecognized command line option: "--error-exitcode".
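// Use-after-free: x is read after free().
// AddressSanitizer (-fsanitize=address) reports this as heap-use-after-free.
#include <stdlib.h>
int main() {
  char *x = (char*)malloc(10 * sizeof(char*));
  free(x);
  return x[5];
}

// Uninitialized read: only a[5] is written, so a[argc] is uninitialized unless argc == 5.
// MemorySanitizer (-fsanitize=memory) reports this as use-of-uninitialized-value.
#include <stdio.h>
int main(int argc, char** argv) {
  int* a = new int[10];
  a[5] = 0;
  if (a[argc])
    printf("xx\n");
  return 0;
}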