Cppcheck 是一个用于 C 和 C++ 源代码的静态分析工具和检查器,旨在在不执行程序的情况下检测编程错误、内存泄漏和安全违规。它作为一个错误检测引擎和质量保证工具,用于识别并发问题、类型转换错误以及对安全编码标准的合规性。
cppcheck-opensource/cppcheck 的主要功能包括:C/C++ Static Analysis, Bug Detection Engines, Code Analysis and Linters, C/C++ Linters, Lexical Tokenizers, Coding Standard Compliance, Control-Flow Graph Generation, Naming Conventions。
cppcheck-opensource/cppcheck 的开源替代品包括: checkstyle/checkstyle — Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best… spotbugs/spotbugs — SpotBugs is a static analysis tool and bytecode analyzer for Java applications. It scans compiled class files to… crytic/slither. cpp-best-practices/cppbestpractices — This project is a curated collection of guidelines and technical resources designed to improve C++ code safety,… thoughtbot/guides — This project is a software engineering style guide and a curated collection of architectural patterns and coding… csslint/csslint — This project is a CSS linter and static analysis tool designed to identify syntax errors, logic flaws, and problematic…
Checkstyle is a Java static analysis tool and linter designed to identify and enforce coding standards and best practices. It functions as a code quality auditor and Javadoc validation tool, checking source code against configurable rulesets to ensure structural and stylistic consistency. The project allows for the creation of custom linting rules by extending a core API to inspect the abstract syntax tree. It further enables specialized validation through the use of XPath expressions to query the syntax tree for specific code patterns and violations. Capability areas include the enforcement
SpotBugs is a static analysis tool and bytecode analyzer for Java applications. It scans compiled class files to identify bugs, security vulnerabilities, and performance issues without executing the code. The system functions as both a bug detector and a static application security testing tool to locate logical errors and API misuse. The project distinguishes itself through a plugin-based detector architecture that allows the integration of external libraries to add custom detection rules. It provides specialized security auditing for vulnerabilities such as SQL injection, cross-site scripti
This project is a curated collection of guidelines and technical resources designed to improve C++ code safety, maintainability, and performance. It provides a comprehensive set of coding standards and best practices for establishing consistent naming, formatting, and structural patterns across C++ codebases. The guide offers specific technical advice on performance optimization, including methods for minimizing object copying, optimizing memory allocation, and reducing compilation cycles. It also provides a directory of tooling recommendations for implementing static analysis, fuzz testing,