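Static Code Checking for C++

Static code checking

Just as a person should keep improving, so should a project. I recently ran static code checking tools over our project code, using two of them: cppcheck on Linux and TscanCode on Windows. Both are simple to use, so I won't go into the details. Their results differ somewhat, and most of what they report are real problems in the code.

cppcheck's output looks like this: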

[haizhan_src_2/ActivityTask/ActivityTask.cpp:48]: (warning) Member variable 'CActivityTask::tmExpire' is not initialized in the constructor.
[haizhan_src_2/ActivityTask/ActivityTask.cpp:48]: (warning) Member variable 'CActivityTask::bSendInsert' is not initialized in the constructor.
[haizhan_src_2/ActivityTask/ActivityTask.cpp:48]: (warning) Member variable 'CActivityTask::bDBInsert' is not initialized in the constructor.
[haizhan_src_2/Email/SystemEmailManager.cpp:407] -> [haizhan_src_2/Email/SystemEmailManager.cpp:404]: (error) Iterator 't_it' used after element has been erased.
[haizhan_src_2/userinfo_export/userinfo_export_serviceService.cpp:379]: (error) Dereferencing '_pmapRoleInfos' after it is deallocated / released

It reports warnings and errors, including uninitialized variables, out-of-bounds array access, invalidated iterators, invalid functions, and so on.

TscanCode's output:

<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="E:\Work\Server\haizhan_src\ArenaMain\ArenaSceneDead.cpp" line="255" id="nullpointer" subid="dereferenceAfterCheck" severity="error" msg="[_pPlayerFlag.player_before] is dereferenced here after checking null at line 250, which implies that [ _pPlayerFlag.player_before ] may be null dereferenced." web_identify="{&quot;identify&quot;:&quot;_pPlayerFlag.player_before&quot;}" func_info="int CArenaSceneDead::check_FlagTimeValue ( int _unTimeInterval , TFlagPlayerInfo * _pPlayerFlag )"/>
    <error file="E:\Work\Server\haizhan_src\BattleMatch\BattleMapMatch.cpp" line="1265" id="nullpointer" subid="dereferenceAfterCheck" severity="error" msg="[_pOtherMatchTeam] is dereferenced here after checking null at line 1194, which implies that [ _pOtherMatchTeam ] may be null dereferenced." web_identify="{&quot;identify&quot;:&quot;_pOtherMatchTeam&quot;}" func_info="void CMapMatch::RepairBalance ( TMatchTempCampVec &amp; _stMatchTempCampVec , TMatchTempElo &amp; _stElo , bool _bUseOneTeam , bool _bUsePrioryTeam , CMatchTeamMap * _pOtherMatchTeam , int _eOtherMatchType )"/>
    <error file="E:\Work\Server\haizhan_src\Warship\ExtraPartPlugin.cpp" line="707" id="nullpointer" subid="dereferenceAfterCheck" severity="error" msg="[t_consume] is dereferenced here after checking null at line 700, which implies that [ t_consume ] may be null dereferenced." web_identify="{&quot;identify&quot;:&quot;t_consume&quot;}" func_info="void CExtraPartPlugin::deduct_RankUpConsumables ( int _consumeid , const char * _szReason , int _unReasonParam )"/>
    <error file="E:\Work\Server\haizhan_src\xmlloader\MatchBuyDataManager.cpp" line="30" id="logic" subid="uninitMemberVar" severity="warning" msg="Member variable &apos;TRecommData::pIStdMatchBuyMain,&apos; is not initialized in the constructor." web_identify="{&quot;identify&quot;:&quot;TRecommData::pIStdMatchBuyMain,&quot;}" func_info=""/>
    <error file="E:\Work\Server\haizhan_src\xmlloader\StdListener.cpp" line="110" id="logic" subid="SignedUnsignedMixed" severity="warning" msg="Unsigned to signed assignment occurs." web_identify="" func_info="void Prop::set_Param1 ( int param )"/>
</results>

It likewise reports many errors, but in more detail than cppcheck: each entry is labeled with the error type, subtype, and message.
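To compare the two reports side by side, the Python below parses cppcheck's text lines and TscanCode's XML into one record type and lists the files both tools flagged. It is an added example, not code from the original post or from either tool; the sample reports, their paths and the helper names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter, namedtuple

# rule is "id/subid" for TscanCode; the cppcheck text lines carry no rule id
Finding = namedtuple("Finding", "tool file line severity rule message")

LOC = re.compile(r"\[([^\]]+):(\d+)\]")
CPPCHECK_LINE = re.compile(r"^((?:\[[^\]]+:\d+\](?:\s*->\s*)?)+):\s*\((\w+)\)\s*(.*)$")

def basename(path):
    # The two reports use Linux and Windows paths, so compare on file name only
    return re.split(r"[\\/]", path)[-1]

def parse_cppcheck(text):
    out = []
    for raw in text.splitlines():
        m = CPPCHECK_LINE.match(raw.strip())
        if m:  # a chained "[a:1] -> [b:2]" finding is filed under its first location
            path, line = LOC.findall(m.group(1))[0]
            out.append(Finding("cppcheck", basename(path), int(line), m.group(2), "", m.group(3)))
    return out

def parse_tscancode(xml_text):
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    return [Finding("TscanCode", basename(e.get("file")), int(e.get("line")),
                    e.get("severity"), f'{e.get("id")}/{e.get("subid")}', e.get("msg"))
            for e in root.iter("error")]

def severity_counts(findings):
    return Counter((f.tool, f.severity) for f in findings)

def files_flagged_by_both(findings):
    tools = {}
    for f in findings:
        tools.setdefault(f.file, set()).add(f.tool)
    return sorted(name for name, seen in tools.items() if len(seen) == 2)

# Constructed sample reports in the two formats shown above (not real project output)
CPPCHECK_SAMPLE = """\
[src/Mail/Mailbox.cpp:407] -> [src/Mail/Mailbox.cpp:404]: (error) Iterator 'it' used after element has been erased.
[src/Shop/Item.cpp:30]: (warning) Member variable 'Item::price' is not initialized in the constructor.
"""
TSCANCODE_SAMPLE = r"""<?xml version="1.0" encoding="UTF-8"?>
<results>
    <error file="E:\Work\src\Shop\Item.cpp" line="30" id="logic" subid="uninitMemberVar" severity="warning" msg="Member variable &apos;Item::price&apos; is not initialized in the constructor." web_identify="" func_info=""/>
    <error file="E:\Work\src\Arena\Scene.cpp" line="255" id="nullpointer" subid="dereferenceAfterCheck" severity="error" msg="[p] is dereferenced here after checking null at line 250." web_identify="" func_info=""/>
</results>"""

if __name__ == "__main__":
    merged = parse_cppcheck(CPPCHECK_SAMPLE) + parse_tscancode(TSCANCODE_SAMPLE)
    print(severity_counts(merged))
    print(files_flagged_by_both(merged))
```

Findings that only one tool reports are the ones worth reviewing by hand first, since they show where the tools' checks differ.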

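Summary

Each tool has its strengths, but personally I think TscanCode is easier to use and its reports are more complete. Tencent does do some good things after all...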