serhiikarasov / filcompare Goto Github PK

cppclean - Open source static analyzer focused on finding problems in C++ source that slow development of large code bases.

$ pip install --upgrade cppclean
$ cppclean --include-path=directory1 --include-path=directory2

how to: http://clang.llvm.org/docs/HowToSetupToolingForLLVM.html

example

 ~/clang/build/bin/clang-check code.cpp -ast-dump --

Bloaty McBloatface

Bloaty McBloatface is a binary size analyzer/profiler for unix-like platforms

Metrix++ can identify and report on the most complex sections of your code. Reducing complex code helps you and the compiler understand it better and optimize it better.

Valgrind
Valgrind is a runtime code analyzer that can detect memory leaks, race conditions, and other associated problems. It is supported on various Unix platforms.

Heaptrack
A profiler created by a Valgrind's Massif developper. Quite similar to Massif with pros and cons over it, way more intuitive though.

OCLint is a free, libre and open source static code analysis tool for improving quality of C++ code in many different ways.

CppDepend Simplifies managing a complex C/C++ code base by analyzing and visualizing code dependencies, by defining design rules, by doing impact analysis, and comparing different versions of the code. It's free for OSS contributors.

Finding unused headers does not work with -j more than 1.

pahole generates data on holes in the packing of data structures and classes in compiled code. It can also the size of structures and how they fit within the system's cache lines.

GCC / Clang

-Wall -Wextra -Wshadow -Wnon-virtual-dtor -pedantic

-Wall -Wextra reasonable and standard
-Wshadow warn the user if a variable declaration shadows one from a parent context
-Wnon-virtual-dtor warn the user if a class with virtual functions has a non-virtual destructor. This helps catch hard to track down memory errors
-Wold-style-cast warn for c-style casts
-Wcast-align warn for potential performance problem casts
-Wunused warn on anything being unused
-Woverloaded-virtual warn if you overload (not override) a virtual function
-Wpedantic (all versions of GCC, Clang >= 3.2) warn if non-standard C++ is used
-Wconversion warn on type conversions that may lose data
-Wsign-conversion (Clang all versions, GCC >= 4.3) warn on sign conversions
-Wmisleading-indentation (only in GCC >= 6.0) warn if indentation implies blocks where blocks do not exist
-Wduplicated-cond (only in GCC >= 6.0) warn if if / else chain has duplicated conditions
-Wduplicated-branches (only in GCC >= 7.0) warn if if / else branches have duplicated code
-Wlogical-op (only in GCC) warn about logical operations being used where bitwise were probably wanted
-Wnull-dereference (only in GCC >= 6.0) warn if a null dereference is detected
-Wuseless-cast (only in GCC >= 4.8) warn if you perform a cast to the same type
-Wdouble-promotion (GCC >= 4.6, Clang >= 3.8) warn if float is implicit promoted to double
-Wformat=2 warn on security issues around functions that format output (ie printf)
-Wlifetime (only special branch of Clang currently) shows object lifetime issues

Consider using -Weverything and disabling the few warnings you need to on Clang

-Weffc++ warning mode can be too noisy, but if it works for your project, use it also.

There should be a test enabled for every feature or bug fix that is committed. See also Code Coverage Analysis. These are tests that are higher level than unit tests. They should still be limited in scope to individual features.

• run flint++

[email protected]:JossWhittle/FlintPlusPlus.git
 ../FlintPlusPlus/bin/deb64/flint++ -r src/*cpp -v

If your project accepts user defined input, considering running a fuzzy input tester.

These tools use coverage reporting to find new code execution paths and try to breed novel inputs for your code. They can find crashes, hangs, and inputs you didn't know were considered valid.

american fuzzy lop
LibFuzzer
KLEE - Can be used to fuzz individual functions

https://kristerw.blogspot.com/2018/03/detecting-incorrect-c-stl-usage.html

add reading of extended attributes https://man7.org/linux/man-pages/man2/getxattr.2.html

These tools take code executed during unit test runs and mutate the executed code. If the test continues to pass with a mutation in place, then there is likely a flawed test in your suite.

Dextool Mutate
MuCPP
mull
CCMutator

$ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .
clang-modernize src/*.cpp -for-compilers=gcc-4.8 -include include -p compile_commands.json

The command "if [ "${BUILD_ONLY}" != "1" ]; then ctest; fi" exited with 0.

0.34s$ if [ "${COVERAGE}" = "1" ]; then bash <(curl -s https://raw.githubusercontent.com/codecov/codecov-bash/master/codecov) -x $GCOV -a "-s pwd" ; fi

/ ____| | |

| | ___ __| | ___ ___ _____ __

| | / _ \ / _` |/ _ / __/ _ \ \ / /

| || () | (| | __/ (| (_) \ V /

______/ _,|_|____/ _/

                          Bash-tbd

==> Travis CI detected.

project root: .

Yaml not found, that's ok! Learn more at http://docs.codecov.io/docs/codecov-yaml

==> Running gcov in . (disable via -X gcov)

==> Python coveragepy not found

==> Searching for coverage reports in:

+ .

--> No coverage report found.

Please visit http://docs.codecov.io/docs/supported-languages

The command "if [ "${COVERAGE}" = "1" ]; then bash <(curl -s https://raw.githubusercontent.com/codecov/codecov-bash/master/codecov) -x $GCOV -a "-s pwd" ; fi" exited with 0.

https://rr-project.org/

CNCC

Customizable Naming Convention Checker can report on identifiers in your code that do not follow certain naming conventions.

LLVM based tools work best with a build system (such as cmake) that can output a compile command database, for example:

$ cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON .

https://pypi.org/project/lizard/

clang-tidy: -extra-arg=-std=c++11
cpp-check: cppcheck: error: unrecognized command line option: "--error-exitcode".

• clang sanitizer asan "-fsanitize=address"

#include <stdlib.h>
int main() {
  char *x = (char*)malloc(10 * sizeof(char*));
  free(x);
  return x[5];
}

• clang sanitizer msan "-fsanitize=memory"

int main(int argc, char** argv) {
  int* a = new int[10];
  a[5] = 0;
  if (a[argc])
    printf("xx\n");
  return 0;
}