This topic explains how you can perform static code analysis to identify code that does not comply with a preconfigured or customized set of static analysis rules. Sections include:
Running Static Code Analysis
The general procedure for performing static code analysis on one or more files is as follows:
- Select or create a Test Configuration with your preferred static code analysis settings.
- For a description of preconfigured Test Configurations, see Built-in Test Configurations.
- For details on how to create a custom Test Configuration, see Configuring Test Configurations and Rules for Policies. Details on C++test-specific static analysis options are available at Static Tab Settings: "Defining How Static Analysis is Performed.
- Start the test using the preferred Test Configuration.
- For details on testing from the GUI, see Testing from the GUI.
- For details on testing from the command line, see Testing from the Command Line Interface.
- Review and respond to the results.
- For details, see Reviewing Static Code Analysis Results.
- (Optional) Fine-tune static code analysis settings as needed.
- For details, see Customizing Static Analysis Overview.
Configuring Batch-Mode Analysis with cpptestcli
Regularly-schedule batch-mode coding standard analysis should simply execute a built-in or custom Test Configuration that analyzes your project using the coding standard rules important to your team. For example:
- cpptestcli -data /path/to/workspace -resource "ProjectToTest" -config team://CodingStandard-sAnalysis -publish
Detecting Duplicated Code with Static Analysis
By identifying and removing duplicate code, you make your code more concise, more readable, and easier to maintain. It can detect similar code fragments that were introduced during the development process (for example by copy-paste mistakes). It is especially useful for large projects, where manual duplication detection is tedious and ineffective.
To detect duplicated code, run the built-in "Find Duplicated Code" Test Configuration or a custom Test Configuration that includes the desired rules from the Code Duplication Detection category.
You can customize the level of code similarity that is used to determine whether two code fragments are reported as duplicates. By configuring rule properties, you can ignore variable names, string literals, number literals, and boolean literals. All text flow differences (like tabs, spaces, line breaks and comments) are always ignored.
For more details, see the rule descriptions for specific rules in the Code Duplication Detection category.
Analyzing an MSBuild-based Project
C/C++test ships with a script that allows you to quickly reconfigure your MSBuild project to generate .bdf files. This script supports both Visual Studio and CMake-generated MSBuild projects. The script creates a backup of the target .vcxproj file and then modifies it to enable the requested Parasoft features on all build targets.
C/C++test includes a Python script launcher to run the included tools, which can be found at:
<CPPTEST_INSTALL_DIR>/bin/engine/bin/cpptestpy.exe
<CPPTEST_INSTALL_DIR>/integration/msbuild/msbuild_cpptest.py
To analyze an MSBuild-based project:
- Setup the environmental variables.
Be sure to not use double quotes after = which will cause incorrect string interpretation.
Setup the
CPPTEST_INSTALL_DIR
variable.set CPPTEST_HOME=<CPPTEST_INSTALL_DIR>
(CMake only) Generate your MSBuild files using CMake.
cd <PROJECT_DIR> mkdir build cd build cmake ..
Run the integration script.
<cpptestpy.exe> <msbuild_cpptest.py> -b -f project.vcxproj
Build the project using MSBuild.
msbuild -t:Rebuild project.sln
A .bdf file will be generated in your current working directory.
To launch static analysis, import the .bdf file. For details, see Creating a Project Using an Existing Build System.