Free static code scanner for C/C++/C# [closed]

Free static code scanner for C/C++/C# [closed]

Does anyone know an open-source and/or free code-scanner for automated code analysis in C#, C or C++?

I know for Java there's some brilliant stuff like FindBugs (Eclipse integrated), PMD, or Hammurapi.

Is there anything similar for the C-languages?


IS C++ converted into MSIL?


Interop sending string from C# to C++ [duplicate]
For .NET languages, you can look at Reflector CodeMetrics which provides some code analysis and design metrics.

Exporting functions from C++ dll to C# P/Invoke
Also take a look at all of the Reflector addins..
How can I put an array inside a struct in C#?
I also second the recommendation for FxCop and StyleCop..
Passing custom objects between C# and unmanaged C++

Can't get SAFEARRAY to work with Interop

What are the differences between C, C# and C++ in terms of real-world application


What's the “Hello World!” of genetic algorithms good for?
FxCop is a free scanner for .Net..


StyleCop does source level analysis..


For C code, you may take a look at Coccinelle.

It is already used to find and fix bugs in the Linux kernel..


NDepend has a two-week trial license..


Resharper does some code analysis especially for pointing out redundant code and logic faults..


You may be able to get some value out of running VC++ with /analyze switch.

Although, this particular switch is not available with every edition.

Get the compiler which ships with Windows SDK..


Through the comments here and some google magic I came to splint:
  • Seems to be quite helpful for C.
  • easy to use
  • not Visual Studio dependent
The FxCop and StyleCop extensions look very sophisticated for VisualStudio and .Net.

. Thanks so far, wishi.


You'll find a list of free and not so free static analysis tools here..


Gendarme is free and open source.

It analyses at IL level and provides information related to the source files using the pdb.

Even without pdb's it provides results but difficult to localize in the code.. Note that it is best to use it on release code, what is unusual for static analyzers.

This is because of the IL analysis: the debug code is cluttered and leads to more false positives.. Gendarme generates a nice HTML report and can be integrated easily in a continuous build server like

82 out of 100 based on 82 user ratings 982 reviews