{"id":211,"date":"2018-01-31T20:38:11","date_gmt":"2018-01-31T20:38:11","guid":{"rendered":"http:\/\/cppdepend.com\/wordpress\/?p=211"},"modified":"2018-02-09T17:58:07","modified_gmt":"2018-02-09T17:58:07","slug":"why-you-should-really-care-about-cc-static-analysis","status":"publish","type":"post","link":"https:\/\/cppdepend.com\/blog\/why-you-should-really-care-about-cc-static-analysis\/","title":{"rendered":"Why should you care about C\/C++ static analysis?"},"content":{"rendered":"<p>Many resources discuss the benefits of static analysis tools and how they could help you improve your code base. In short, they show you what you gain by using them. But have you asked yourself what you lose if you don\u2019t use them?<\/p>\n<p>Take the example of a memory corruption caused by freeing the same pointer twice; the result is a random crash. It could take a few hours or many days to find this kind of issue. Many similar risky problems exist in C\/C++, especially concerning memory corruption. Just one problem could cost a few dollars or many thousands of dollars.<!--more--><\/p>\n<p>The impact of an issue also depends on the nature of the program: a problem in an embedded application running a machine does not have the same impact as a crash in a paint application. Sometimes one problem could cost many millions of dollars or even many billions of dollars, as in the case of <a href=\"http:\/\/www.around.com\/ariane.html\">Ariane 5<\/a>, where a bug cost $7 billion.<\/p>\n<p><strong>What do you lose if you use a static analysis tool?<\/strong><\/p>\n<p>Take as an example <a href=\"http:\/\/cppcheck.sourceforge.net\/\">cppcheck<\/a>, which primarily detects the types of bugs that compilers normally do not detect. 
Many interesting errors are reported by this tool.<\/p>\n<p>You need less than one minute to download it and maybe 20 minutes to configure it. The analysis takes from a few minutes to many hours, but during this time you are free to do other tasks. After the analysis you could have thousands of potential issues; in the beginning you can focus only on the high-priority errors.<\/p>\n<p>So for free static analysis tools, you lose only <strong>30 min<\/strong> to get a list of potential issues that could cost you many thousands of dollars.<\/p>\n<p>For commercial tools you lose more than time: you have to pay for them, so you also lose money. Suppose you purchase a tool for $1000 and it helps you find a problem that would take a developer two or three days to find. Three days of a C\/C++ developer could cost more than $1000, depending of course on where the company is. And if you take into account the hidden cost of one issue, you will be surprised how much a simple issue can cost the company. 
Many stories on the web discuss the cost of simple issues.<\/p>\n<p>Here are some free static analysis tools:<\/p>\n<p><a href=\"http:\/\/cppcheck.sourceforge.net\/\">CppCheck<\/a> (Free): Many checks are provided by CppCheck; here are some of the checks available:<\/p>\n<ul>\n<li>Out of bounds checking<\/li>\n<li>Checking exception safety<\/li>\n<li>Memory leaks checking<\/li>\n<li>Warn if obsolete functions are used<\/li>\n<li>Check for invalid usage of <acronym title=\"Standard Template Library\">STL<\/acronym><\/li>\n<li>Check for uninitialized variables and unused functions<\/li>\n<\/ul>\n<p><a href=\"http:\/\/clang.llvm.org\/extra\/clang-tidy\/\">Clang<\/a> (Free): Clang is a C\/C++ compiler whose diagnostics are very interesting; you could be surprised by the relevant issues reported, which can concern:<\/p>\n<ul>\n<li>Deprecated usage<\/li>\n<li>Cast problems<\/li>\n<li>Initialisation problems<\/li>\n<li>OpenMP issues and more.<\/li>\n<\/ul>\n<p><a href=\"http:\/\/clang.llvm.org\/extra\/clang-tidy\/\">Clang-tidy<\/a> (Free): a clang-based C++ \u201clinter\u201d tool. Its purpose is to provide an extensible framework for diagnosing and fixing typical programming errors, like style violations, interface misuse, or bugs that can be deduced via static analysis. <strong class=\"program\">clang-tidy<\/strong> is modular and provides a convenient interface for writing new checks. 
Here&#8217;s the <a href=\"http:\/\/clang.llvm.org\/extra\/clang-tidy\/checks\/list.html\">checks list<\/a> of clang-tidy.<\/p>\n<p>Many other static analysis tools exist; some of them are easy to access and test, while for others you have to contact their companies and ask for a trial version.<\/p>\n<p>If you can spare just 30 min to use cppcheck, be sure that you will not waste your time.<\/p>\n<p><strong>Summary<\/strong><\/p>\n<p>It\u2019s better to combine several C++ tools to detect issues in your C++ code base: some tools detect bugs, others also detect bug-prone situations. You can first try the free tools to check the issues reported.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many resources discuss the benefits of static analysis tools and how they could help you improve your code base. In short, they show you what you gain by using them. But have you asked yourself what you lose if you don\u2019t use them? Take the example of a memory corruption caused by freeing &hellip; <a href=\"https:\/\/cppdepend.com\/blog\/why-you-should-really-care-about-cc-static-analysis\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Why should you care about C\/C++ static 
analysis?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[7,32,13,34],"class_list":["post-211","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-c","tag-code-quality","tag-cpp","tag-static-analysis"],"_links":{"self":[{"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/posts\/211","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/comments?post=211"}],"version-history":[{"count":7,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/posts\/211\/revisions"}],"predecessor-version":[{"id":310,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/posts\/211\/revisions\/310"}],"wp:attachment":[{"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/media?parent=211"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/categories?post=211"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cppdepend.com\/blog\/wp-json\/wp\/v2\/tags?post=211"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}