TscanCode: installation and basic use


    This post introduces TscanCode, an open-source static analysis tool from Tencent, which currently has about 1.5k stars on GitHub.

    Installation

    Just git clone the repository and use the prebuilt binary in the release directory. You may also need to make the binary executable (the second line below).

    git clone https://github.com/Tencent/TscanCode.git
    chmod u+x TscanCode/release/linux/TscanCodeV2.14.2395.linux/tscancode
    

    Basic usage

    Passing the -h option prints the following help text, which looks a lot like cppcheck's:

    > tscancode -h
    TscanCode - A tool for static C/C++ code analysis
    
    Syntax:
        tscancode [OPTIONS] [files or paths]
    
    If a directory is given instead of a filename, *.cpp, *.cxx, *.cc, *.c++, *.c,
    *.tpp, and *.txx files are checked recursively from the given directory.
    
    Options:
        -D<ID>               Define preprocessor symbol. Unless --max-configs or
                             --force is used, TscanCode will only check the given
                             configuration when -D is used.
                             Example: '-DDEBUG=1 -D__cplusplus'.
        -U<ID>               Undefine preprocessor symbol. Use -U to explicitly
                             hide certain #ifdef  code paths from checking.
                             Example: '-UDEBUG'
        --enable=<id>        Enable additional checks. The available ids are:
                              * all
                                      Enable all checks. It is recommended to only
                                      use --enable=all when the whole program is
                                      scanned, because this enables unusedFunction.
                              * warning
                                      Enable warning messages
                              * style
                                      Enable all coding style checks. All messages
                                      with the severities 'style', 'performance' and
                                      'portability' are enabled.
                              * performance
                                      Enable performance messages
                              * portability
                                      Enable portability messages
                              * information
                                      Enable information messages
                              * unusedFunction
                                      Check for unused functions. It is recommend
                                      to only enable this when the whole program is
                                      scanned.
                              * missingInclude
                                      Warn if there are missing includes. For
                                      detailed information, use '--check-config'.
                             Several ids can be given if you separate them with
                             commas. See also --std
        -h, --help           Print this help.
        -I <dir>             Give path to search for include files. Give several -I
                             parameters to give several paths. First given path is
                             searched for contained header files first. If paths are
                             relative to source files, this is not needed.
        -j <jobs>            Start [jobs] threads to do the checking simultaneously.
        -q, --quiet          Do not show progress reports.
        --xml                Write results in xml format to error stream (stderr).
    
    Example usage:
      # Recursively check the current folder. Print the progress on the screen and
      # write errors to a file:
      tscancode . 2> err.txt
    
      # Recursively check ../myproject/ and don't print progress:
      tscancode --quiet ../myproject/
    
      # Check test.cpp, enable all checks:
      tscancode --enable=all test.cpp
    
      # Check f.cpp and search include files from inc1/ and inc2/:
      tscancode -I inc1/ -I inc2/ f.cpp
    
    

    Usage is similar to cppcheck, although it does not seem possible yet to specify an output template.

    ./tscancode /home/iskindar/Project/targets/libpng/repo  2> err.txt
    

    The results can also be written in XML format:

    ./tscancode /home/iskindar/Project/targets/libpng/repo  --xml 2> result.xml
    

    The scan produced the following output.

    ...
    [/home/iskindar/Project/targets/libpng/repo/contrib/libtests/pngimage.c:1082]: (Serious) Comparing [rows] to null at line 1071 implies that [rows ] might be null.Dereferencing null pointer [rows].
    [/home/iskindar/Project/targets/libpng/repo/contrib/libtests/tarith.c:629]: (Warning) An unconditional 'break/return/goto' within a loop.It may be a mistake.
    [/home/iskindar/Project/targets/libpng/repo/pngread.c:2830]: (Serious) Comparing [trans] to null at line 2816 implies that [trans ] might be null.Dereferencing null pointer [trans].
    [/home/iskindar/Project/targets/libpng/repo/pngrtran.c:2144]: (Serious) Null - checking [png_ptr] suggests that it may be null, but it has already been dereferenced at line 2141.
    [/home/iskindar/Project/targets/libpng/repo/pngset.c:1488]: (Serious) Null - checking [new_list] suggests that it may be null, but it has already been dereferenced at line 1474 in function[memcpy].
    [/home/iskindar/Project/targets/libpng/repo/pngset.c:470]: (Serious) Comparing [swidth] to null at line 446 implies that [swidth ] might be null.Dereferencing null pointer [swidth].
    [/home/iskindar/Project/targets/libpng/repo/pngset.c:489]: (Serious) Comparing [sheight] to null at line 450 implies that [sheight ] might be null.Dereferencing null pointer [sheight].
    [/home/iskindar/Project/targets/libpng/repo/pngwutil.c:1134]: (Serious) Comparing [profile] to null at line 1131 implies that [profile ] might be null.Dereferencing null pointer [profile]. The error is in macros.
    missingInclude :,,
    
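    As an added example (not from the post or from TscanCode itself), the following Python parses the text output shown above into structured findings, skips the non-finding lines (the "..." truncation marker and the trailing "missingInclude :,," summary), and triages them by severity so a CI job can diff two runs; the severity ranking and the repository root are assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One finding per line in TscanCode's default text output: "[path:line]: (Severity) message"
FINDING_RE = re.compile(
    r"^\[(?P<path>.+?):(?P<line>\d+)\]: \((?P<severity>[A-Za-z]+)\) (?P<message>.*)$"
)
# Assumed triage ordering; only 'Serious' and 'Warning' appear in the scan output above.
SEVERITY_RANK = {"Serious": 2, "Warning": 1}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    severity: str
    message: str


def parse_findings(text: str) -> list:
    """Turn stderr text into Finding records. Non-finding lines (the '...' marker,
    the 'missingInclude :,,' summary, blanks) are skipped rather than treated as errors."""
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if m:
            findings.append(Finding(m["path"], int(m["line"]), m["severity"], m["message"]))
    return findings


def severity_counts(findings: list) -> dict:
    """Number of findings per severity label."""
    return dict(Counter(f.severity for f in findings))


def triage(findings: list, root: str, min_severity: str = "Serious") -> list:
    """Keep findings at or above min_severity and report them as repo-relative
    'file:line' strings, sorted so two scans can be compared line by line."""
    floor = SEVERITY_RANK.get(min_severity, 0)
    keep = [f for f in findings if SEVERITY_RANK.get(f.severity, 0) >= floor]
    rel = lambda p: p[len(root):].lstrip("/") if p.startswith(root) else p
    return sorted(f"{rel(f.path)}:{f.line}" for f in keep)


# Constructed sample: a few lines from the libpng scan above plus the two non-finding lines.
SAMPLE = """...
[/home/iskindar/Project/targets/libpng/repo/contrib/libtests/tarith.c:629]: (Warning) An unconditional 'break/return/goto' within a loop.It may be a mistake.
[/home/iskindar/Project/targets/libpng/repo/pngrtran.c:2144]: (Serious) Null - checking [png_ptr] suggests that it may be null, but it has already been dereferenced at line 2141.
[/home/iskindar/Project/targets/libpng/repo/pngset.c:470]: (Serious) Comparing [swidth] to null at line 446 implies that [swidth ] might be null.Dereferencing null pointer [swidth].
missingInclude :,,
"""
REPO_ROOT = "/home/iskindar/Project/targets/libpng/repo"  # assumed checkout path from the scan above

if __name__ == "__main__":
    print(severity_counts(parse_findings(SAMPLE)), triage(parse_findings(SAMPLE), REPO_ROOT))
```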

    Overall it is quite convenient. The advantages listed on the official site:

    • Supports multiple languages, including C/C++, C# and Lua

    • Fast and accurate: it scans 200k lines of code per minute, with an accuracy of 90%

    • Easy to use: no compilation required.

    • Extensible: you can write your own rules.

  Original article: https://blog.csdn.net/u013648063/article/details/126373721