Static analysis
There are quite a few static analysis tools out there for C++. I'd suggest we start using them, ideally in an automated way. For example, the Clang Static Analyzer and cppcheck already run daily on the NuTo codebase using Jenkins, the results of which you can find here.
Additionally, we could have a look at Coverity, Codacy, Coala, Better Code Hub, Clang Tidy, OCLint and SonarQube. Let's use computers to find bugs for us.
Also, include-what-you-use can help find unused includes for compile time reduction.
Jenkins
Static analysis tools are awesome to improve our code quality. However, they only make sense if we actually care about their output. E.g. cppcheck currently yields 502 issues:
| Severity | Count |
|---|---|
| Warning | 47 |
| Style | 336 |
| Performance | 108 |
| Information | 1 |
I suggest that we enable an email notification whenever the number of issues gets worse (similar to what codecov is doing) and create a single Jenkins job for each tool that we choose to use.
Similarly, we can observe the build time and check our benchmarks for performance.
Static analysis wishlist
Since we have to request new tools on our Jenkins server, I would suggest that we decide on a single additional tool first. Here is the poll. You can only vote once:
If you have 10 minutes to briefly look at the above static analysis tools and vote for a single tool that you think is most useful, I would much appreciate your contribution.
@joergfunger @Psirus @TTitscher @szorn85 @vhirtham @vkindrac @pmueller2 @potto1
I have voted for Coala, mainly because it runs locally (in contrast to Coverity and Better Code Hub) and because you can check many more things, e.g.
- CMake scripts
- Python code
- Multiple external cpp linters
- File name naming conventions
- Commit message format
- look for "TODO" and "FIXME"
- number of lines per file
- length of lines
- check shell scripts
- spell checking
I voted for Coala because I trust @Psirus :laughing: