Static code analysis is a must, yet it is unfortunately often overlooked.
Static program analysis is analysis that looks at the source code without executing it (as opposed to dynamic analysis, which observes the running program). It is generally used to find bugs or to check conformance to coding guidelines.
- sparse@wiki/sparse@man is a static analysis tool that was initially designed to flag only constructs likely to be of interest to kernel developers, such as the mixing of pointers to user and kernel address spaces. cgcc@man is a Perl script that wraps the compiler so that Sparse runs as part of each compile.
- splint/splint@wiki/splint@man statically checks C programs for security vulnerabilities and coding mistakes. Formerly called LCLint, it is a modern version of the Unix lint tool. The project's last update was November 2010.
- cpplint@wiki is a Python script designed to ensure that C++ code conforms to Google's coding style guide. False positives are suppressed by tagging the offending lines with //NOLINT.
- clang analyzer is a source code analysis tool…
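To make the Sparse and splint bullets concrete, here is an added example (written for this page, not code from the original post or from either project) showing what the two tools' annotations look like in plain C. The `__user` and `__force` macros mimic the Linux kernel's definitions, which only take effect when the code is fed to Sparse with `-D__CHECKER__` (cgcc does this for you); `copy_from_user_sim`, `user_pages` and `demo_checks` are this example's own constructed stand-ins for the kernel's user-copy machinery, not the real kernel API.

```c
// Added example: kernel-style Sparse annotations and splint annotations in
// ordinary C. A normal compiler sees empty macros and plain comments; Sparse
// (via cgcc, which defines __CHECKER__) and splint turn them into checks.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Sparse: mark user-space pointers as a separate address space that must
// not be dereferenced directly. Mirrors the kernel's definition (old-style
// numbered address space); harmless under gcc/clang.
#ifdef __CHECKER__
# define __user  __attribute__((noderef, address_space(1)))
# define __force __attribute__((force))
#else
# define __user
# define __force
#endif

#define EFAULT 14

// Constructed "user address space": a fixed buffer standing in for the
// user pages a real copy would have to validate.
static unsigned char user_pages[64];
#define USER_BASE ((uintptr_t)user_pages)
#define USER_END  (USER_BASE + sizeof user_pages)

// Stand-in for copy_from_user(): validates the range before touching it.
// Returns 0 on success, -EFAULT if the user pointer is out of range.
// The __force cast is how kernel code tells Sparse the address-space
// change is intentional.
static int copy_from_user_sim(void *dst, const void __user *src, size_t n)
{
    uintptr_t s = (uintptr_t)src;
    if (n > sizeof user_pages || s < USER_BASE || s > USER_END - n)
        return -EFAULT;
    memcpy(dst, (const void __force *)src, n);
    return 0;
}

// Correct pattern: copy into a kernel-side temporary, then use that.
int read_user_u32(const uint32_t __user *uptr, uint32_t *out)
{
    uint32_t tmp;
    if (copy_from_user_sim(&tmp, uptr, sizeof tmp))
        return -EFAULT;
    *out = tmp;
    return 0;
}

// Incorrect pattern: direct dereference of a __user pointer. Sparse reports
// "dereference of noderef expression" here; gcc compiles it silently.
// Kept only so the diagnostic can be observed; never called below.
int read_user_u32_unchecked(const uint32_t __user *uptr)
{
    return (int)*uptr;
}

// splint: /*@null@*/ says the argument may be NULL, so splint warns if it
// is dereferenced without a check; /*@out@*/ marks a write-only parameter.
int safe_strlen(/*@null@*/ const char *s, /*@out@*/ size_t *len)
{
    if (s == NULL) { *len = 0; return -1; }
    *len = strlen(s);
    return 0;
}

// Constructed helper: store a u32 in the fake user pages and hand back a
// user-space pointer to it (the __force cast adds the address space).
const uint32_t __user *put_user_u32(size_t off, uint32_t v)
{
    memcpy(user_pages + off, &v, sizeof v);
    return (const uint32_t __user __force *)(user_pages + off);
}

// Drives the helpers: returns 1 when the checked path round-trips a value
// and rejects out-of-range pointers, and the splint-annotated function
// handles NULL; returns 0 on any failure.
int demo_checks(void)
{
    uint32_t v = 0;
    size_t n = 99;
    const uint32_t __user *p = put_user_u32(8, 0xC0FFEEu);
    if (read_user_u32(p, &v) != 0 || v != 0xC0FFEEu) return 0;
    if (read_user_u32((const uint32_t __user __force *)(uintptr_t)16, &v) != -EFAULT) return 0;
    if (read_user_u32((const uint32_t __user __force *)(USER_END - 2), &v) != -EFAULT) return 0;
    if (safe_strlen(NULL, &n) != -1 || n != 0) return 0;
    if (safe_strlen("abc", &n) != 0 || n != 3) return 0;
    return 1;
}
```

Running `cgcc -c` over this file reports only the direct dereference in `read_user_u32_unchecked`; the `__force` casts and the copy-then-use path in `read_user_u32` are clean. splint, on the same file, accepts `safe_strlen` because the `/*@null@*/` parameter is tested before use.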