Static code analyzers

Phalcon edited this page Jan 12, 2014 · 3 revisions


scan-build is a command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line).

During a project build, as source files are compiled they are also analyzed in tandem by the static analyzer.

cd ext
mkdir report
scan-build -o report ./configure
scan-build -o report make


Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).

cd ext
php-config --includes | sed -r 's/^-I//; s/ -I/\n/g' > includes.txt
cppcheck --includes-file=includes.txt --enable=all .


Sparse provides a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases.

cd ext
./configure CC=cgcc CFLAGS="-Wsparse-all"
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.