Skip to content

Static code analyzers

Jump to bottom Edit New page
Phalcon edited this page Jan 12, 2014 · 3 revisions

scan-build

scan-build is a command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line).

During a project build, as source files are compiled they are also analyzed in tandem by the static analyzer.

cd ext
mkdir report
phpize
scan-build -o report ./configure
scan-build -o report make

cppcheck

Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).

cd ext
phpize
./configure
php-config --includes | sed -r 's/^-I//; s/ -I/\n/g' > includes.txt
cppcheck --includes-file=includes.txt --enable=all .

sparse

Sparse provides a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases.

cd ext
phpize
./configure CC=cgcc CFLAGS="-Wsparse-all"
Add a custom footer
Add a custom sidebar
Clone this wiki locally