Source Code Validation Tools

Active5 months ago

The source code for the W3C Markup Validation Service is available under the terms of the W3C Software License. If you just want to glance at the code, or see its revision history, you can browse it directly in Github. Open Source Code Analyzers in Java. Condenser is a tool for finding and removing duplicated Java code. Unlike tools that only locate duplicated code, the aim of. Markup Validation Service The W3C Markup Validation Service, also known simply as “HTML Validator” is a free online service that helps check Web documents in languages such as HTML, XHTML, SVG, MathML, etc. Its source code is also available, and it is relatively easy to install on a number of platforms. Source code analysis tools, also referred to as Static Application Security Testing (SAST) Tools, are designed to analyze source code and/or compiled versions of code to help find security flaws. Some tools are starting to move into the IDE.

It looks quite easy to find such a tool for Java (Checkstyle, JCSC), but I can't seem to find one for C/C++. I am not looking for a lint-like static code analyzer, I only would like to check against coding standards like variable naming, capitalization, spacing, identation, bracket placement, and so on.

Serge
5,9785 gold badges34 silver badges45 bronze badges
  • Jun 21, 2012  Download: Microsoft Dynamics CRM 2011 Custom Code Validation Tool The purpose of this tool is to assist customers and partners of Microsoft Dynamics CRM identify potential issues with their custom JavaScript in JavaScript libraries and HTML web resources.
  • This is the list of top source code analysis tools for different languages. =>> Contact us to add your listing here. Here is the list of the top 10 Static Code Analysis Tools for Java, C++, C# and Python.
DrealmerDrealmer
3,7033 gold badges23 silver badges34 bronze badges

closed as off-topic by kleopatra, Toto, RiaD, Jeroen, Sergey K.Aug 12 '13 at 15:00

This question appears to be off-topic. The users who voted to close gave this specific reason:

  • 'Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.' – kleopatra, Toto, RiaD, Jeroen, Sergey K.
If this question can be reworded to fit the rules in the help center, please edit the question.

12 Answers

Custom code validation tool

The only tool I know is Vera. Haven't used it, though, so can't comment how viable it is. Demo looks promising.

ΦXocę 웃 Пepeúpa ツ
35.5k13 gold badges43 silver badges68 bronze badges
yrpyrp
4,1891 gold badge20 silver badges10 bronze badges
schoetbi
6,1625 gold badges39 silver badges66 bronze badges
janesconferencejanesconference
3,7706 gold badges49 silver badges69 bronze badges

I'm sure this could help to some degree cxx checker. Also this tool seems to be pretty good KWStyle It's from Kitware, the guys who develop Cmake.

Andy Lester
71.3k12 gold badges80 silver badges139 bronze badges
tatsuhirosatoutatsuhirosatou
9,95412 gold badges33 silver badges37 bronze badges

Not exactly what you ask for, but I've found it easier to just all agree on a coding standard astyle can generate and then automate the process.

PieterPieter
14.2k6 gold badges45 silver badges82 bronze badges

Try nsiqcppstyle. It's a Python based coding style checker for C/C++. It's easy to extend to add your own rules.

JoshuaJoshua

There's a list. There is also a putative C++ frontend on splint.

user195488
EfForEffortEfForEffort
54.8k4 gold badges27 silver badges39 bronze badges

I have used a tool in my work its LDRA tool suite

It is used for testing the c/c++ code but it also can check against coding standards such as MISRA etc.

udpsuniludpsunil
7502 gold badges11 silver badges27 bronze badges

Check universalindentgui on sourceforge.net.

it has many style checkers for C and you can customise the checkers.

Mateusz Piotrowski
4,3566 gold badges35 silver badges56 bronze badges
Ajay Wazir

There is cppcheck which is supported also by Hudson via the plugin of the same name.

WernightWernight
23.7k18 gold badges102 silver badges121 bronze badges

Check Metrix++ http://metrixplusplus.sourceforge.net/. It may require some extensions which are specific for your needs.

AndrewAndrew
6561 gold badge5 silver badges17 bronze badges

Check out Abraxas Code Checkhttp://www.abxsoft.com/codchk_user.html

Tim ChildTim Child

I'm currently working on a project with another project to write just such a tool. I looked at other static code analysis tools and decided that I could do better.

Unfortunately, the project is not yet ready to be used without fairly intimate knowledge of the code (read: it's buggy as all hell). However, we're moving fairly quickly, and hope to have a beta release within the next 8 weeks.

The project is open source - you can visit the project page, and if you want to get involved, we'd love some more external input.

I won't bore you with the details - you can visit the project page for that, but I will say one thing: Most static code analysis tools are aimed at checking your code for mistakes, and not very concerned with checking for coding guidelines. We have taken a more flexible approach that allows us to write plugiins to check for both 'house rules' as well as possible bugs.

If you want any more information, please don't hesitate to contact me.

Cheers,

ThomiThomi
7,5518 gold badges60 silver badges105 bronze badges

Not the answer you're looking for? Browse other questions tagged c++ccoding-style or ask your own question.

Regression: How to fix this

Tools for validating OpenAPI (Swagger) files.

Requirements

  • node.js version > 10.x

You can install the latest stable release of node.js from here. For a machine with a linux flavored OS, please follow the node.js installation instructions over here

How to install the tool

Command usage:

What does the tool do? What issues does the tool catch?

Model validation checks whether definitions for request parameters and responses, match an expected input/output payload of the service.

Examples of issues:

  • required properties not sent in requests or responses;
  • defined types not matching the value provided in the payload;
  • constraints on properties not met; enumeration values that don’t match the value used by the service.

References: https://github.com/Azure/azure-rest-api-specs/issues/778 , https://github.com/Azure/azure-rest-api-specs/issues/755 , https://github.com/Azure/azure-rest-api-specs/issues/773

Model validation requires example payloads (request/response) of the service, so the data can be matched with the defined models. See x-ms-examples extension on how to specify the examples/payloads. Swagger “examples” is also supported and data included there is validated as well. To get the most benefit from this tool, make sure to have the simplest and most complex examples possible as part of x-ms-examples.

  • Please take a look at the redis-cache swagger spec as an example for providing 'x-ms-examples' over here.
  • The examples need to be provided in a separate file in the examples directory under the api-version directory azure-rest-api-specs/arm-<yourService>/<api-version>/examples/<exampleName>.json. You can take a look over here for the structure of examples.
  • We require you to provide us a minimum (just required properties/parameters of the request/response) and a maximum (full blown) example. Feel free to provide more examples as deemed necessary.
  • We have provided schemas for examples to be provided in the examples directory. It can be found over here. This will help you with intellisene and validation.
    • If you are using vscode to edit your swaggers in the azure-rest-api-specs repo then everything should work out of the box as the schemas have been added in the .vscode/settings.json file over here.
    • If you are using Visual Studio then you can use the urls provided in the settings.json file and put them in the drop down list at the top of a json file when the file is opened in VS.

How does this tool fit with others

Swagger specs validation could be split in the following:

  1. Schema validation
  2. Semantic validation
  3. Model definition validation
  4. Swagger operations execution (against mocked data or live tests)
  5. Human-eye review to complement the above

In the context of “azure-rest-api-specs” repo:

  • #1 is being performed on every PR as part of CI.
  • #2 and #3 are performed by the tool currently in openapi-validation-tools repo and by AutoRest linter. We’re working towards integrating them into CI for “azure-rest-api-specs” repo.
  • #4 is not available yet, though we’re starting to work on it.
  • #5 will be done by the approvers of PRs in “azure-rest-api-specs”, as this won’t be automated.

Autorest plugin configuration

  • Please don't edit this section unless you're re-configuring how oav plugs in to AutoRestAutoRest needs the below config to pick this up as a plug-in - see Autorest extensions.
Source Code Validation Tools

Javascript Code Validation Tool

Live Validation Mode

Codes

Validation Tool Download

  • A Live Validation mode has been added to OAV with the purpose of enabling validation of live traffic.
  • Usage (here is a sample of a request-response pair):

Regression testing

Output of the OAV tool has been snapshotted and committed to the repo. The regression test may be run on a sample or all of https://github.com/azure/azure-rest-api-specs. If there are changes to the snapshots the build produces a git patch file as an artifact which may be used to update the snapshots.

Fast Regression (~10mins) is used for merge validation

Slow Regression (~1 hour) is run after merge and should be fixed if it fails

Fixing regression builds

  1. Go to the failed build
  2. Download the artifact patch file
  3. In the OAV directory run git apply <path to patch file>
  4. Commit the patched changes and create a pull request
  5. Validate that the changes look ok and don't represent a breaking change in OAV
  6. Merge the PR

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.