List of tools for static code analysis
This is a list of software tools that perform various kinds of static code analysis, grouped by programming language and in alphabetical order:
C/C++
- AntiC (also does Java)
- BLAST
- CCured
- Cleanscape lints for C++ and for C
- CMT++
- CodeSurfer (based on work by Reps et al. at the University of Wisconsin); CodeSonar builds on CodeSurfer
- Coverity (see also the MC Checker for background).
- Cqual
- Flawfinder (GPL) - contains a good list of other static checking tools towards the bottom
- GCC Introspector - C, but is expanding to include Perl, Bison, m4, Bash, C#, Java, C++, Fortran, Objective-C, Lisp and Scheme.
- Gimpel Software PC-Lint
- HP Code Advisor - identifies potential coding errors, porting issues, and security vulnerabilities.
- CodeWizard
- Klocwork
- Lattix LDM
- MOPS - (BSD style license)
- OpenC++
- OSPC
- PMD's Copy/Paste Detector
- PolySpace
- PREfast - part of the DDK, for driver development; see VS2005 for user-land
- QAC, QAC-MISRA, QAC++ - coding style, metrics, dataflow; good enforcement of MISRA standards
- Smatch - C source checker, used mainly for Linux kernel code
- Sotograph
- Sparse
- Stacktool
- Splint
- Surveyor - C/C++, Java, COBOL, VB/VB.NET, Tcl, ASP, others
- Visual Studio 2005 - Team Edition only; has a code analysis option available (via the options Code Analysis -> General -> Enable Code Analysis for C/C++ project).
.NET
Tool | License | Version | Details |
---|---|---|---|
FxCop | commercial | 1.35 | |
Lattix LDM | commercial | 2.7 | Architecture management using dependency analysis |
Visual Studio | commercial | 2005 | Visual Studio 2005 Team Suite or Team Edition for Software Developers only; has integrated FxCop and PREfast functionality. |
Java
- Agitator Dashboard
- AntiC (also does C and/or C++)
- Checkstyle
- CMTJava - Complexity Measures Tool for Java
- ESC/Java - Extended Static Checking for Java
- ESC/Java2
- FindBugs
- Hammurapi
- JDepend
- Jlint
- Jtest
- Kaveri (Indus) - Program Comprehension/Slicing Tool (Library) for Java
- Lattix LDM
- PMD
- Purify
- QAJ
- Sotograph
- Spoon - Spoon is a Java program processor that fully supports Java 5
- Structure101 - Structural dependency analysis.
- Surveyor - Java and many other languages
JavaScript
- JSLint - An online tool which you can also download and run from the command line
- JavaScript Lint - A lint-like tool for JavaScript, written in C/C++ and based on the JavaScript engine for the Firefox browser.
PHP
- PHP executes a built-in basic lint check when invoked with the -l switch. Example usage (find -exec passes each path as a single argument, so file names containing spaces are handled correctly):
  find . -name '*.php' -exec php -l {} \; | grep -v "No syntax errors"
- PMD's Copy/Paste Detector
- Zend Studio IDE includes static code analysis for PHP, called the "Code Analyzer".
Not language-specific
- PAG and PAG/WWW - The Program Analyzer Generator, not for a specific language, but for building analyzers.
- StackAnalyzer - Stack Usage Analysis.
Unknown language
See also
- The Introspector page lists more software programs of this type.