Introduction

Many software engineers don’t know about the vast array of tools available out there to help them write better code. And even if they do know about these tools, they don’t know how to use them, how to install them and how to integrate them with their current development process. A software engineer shouldn’t need to become a DevOps expert or Linux expert to install them and use them. A software engineer shouldn’t need to spend hours learning how to use them. A software engineer shouldn’t need to remember to run these tools all the time. SoftaCheck was created to alleviate those pain points.

If you’re a software engineer, SoftaCheck can help you create better software. SoftaCheck offers a great set of open-source tools “out-of-the-box” to aid developers.

You don’t need to maintain them; you don’t need to know how to install them, you don’t need to know how to integrate them and you don’t need to remember to run them. It’s all automatic and taken care of letting you focus on what you do best and love – write code.

SoftaCheck runs great tools for you automatically every time you update your repository.

Also, if you are working with several team members, using SoftaCheck standardizes the development process automatically for all users who contribute to the repository – No need to train, teach or coach anyone because it’s all automatic. Our mission is to make all these tools accessible to software engineers elevating them instantly to a higher professional level.

Join us and create software like a pro.

Static Analysis for C/C++ Code

 

The concern with source code quality must be part of the software development processes from the initial stages and not only during functional tests. Static code analysis is one of the practices that checks the quality of the source code. The verification is carried out based on a set of pre-established rules. The purpose of the analysis is to highlight problems, so that they can be corrected with maximum focus, resulting in greater efficiency in the quality improvement process.

In software written in C / C ++ it is common to have memory errors, such as invalid dereferences, access to uninitialized variables and invalid memory free operations. These types of errors are difficult to detect as they normally lead to the program’s undefined behavior, that is, they can either cause their immediate failure or allow that it continues to function silently defective.

Automatic static source code analysis requires less effort on the part of development teams, an important factor in the current context of the industry. With static source code analysis, we can analyze the program without executing the source code.

Below we will list some static analysis tools for C / C ++ code.

Tool 1 – CppCheck – an open-source tool for C/C++ static analysis

 

Cppcheck is a static code analysis tool for applications written in C / C ++. The main purpose of the tool is to find errors that are not normally identified by the compiler, including:

• Dereferencing an uninitialized pointer.
• Access outside the limits of a vector.
• Use of uninitialized variables.
• Resource leakage (files opened but not closed, memory allocated but not deallocated, etc.).
• Warnings about unused or duplicate code.

Tool 2 – Clang-Tidy – an open-source tool for C/C++ static analysis

 

Clang has some very interesting tools that can be used alone or in conjunction with other tools to assist in the development of C / C ++ applications, including static code analyzer, code formatter, code refactor, etc.

The Clang-Tidy is a complete static code analysis tool. Just run the clang-tidy tool in the source code to see the results of the static analysis.

Tool 3 – Doxygen – Automatic Code Documentation Generation

 

In terms of software reusability, the documentation shows vital importance since one of the main functions of good code documentation is to present the user with a view of programs or API to be used by the client code without, however, exposing details of the implementation, thus making it easier to use.

The use of an automatic documentation tool has the advantage of allowing us to focus on drawing up a good description of the code, instead of wasting time on details related to the appearance of the documentation.

Doxygen is a program that generates the documentation of a program from the analysis of a code written in C, C++, C#, D, Fortran, IDL, Java, Objective-C, Perl, PHP, Python, and VHDL. These codes are recognized data structures, functions and comments made with a special syntax.

All code documentation is stored in the cloud on SoftaCheck’s servers giving accessibility only to those who have access to the repository via the users’ GitHub credentials.

SoftaCheck GitHub Integration – All tools are run in the cloud

 

The entire tool is integrated with GitHub allowing to instantly and routinely use all the tools offered by SoftaCheck on your repository.

Future Tools

Our goal is to constantly add more open-source tools in order to make developers’ lives easier. We are constantly working on improving the SoftaCheck platform. Stay tuned for new tools as they will be added gradually.