Static code analysis is the analysis of source code performed without actually executing the program. The analysis is performed by tools ranging from those that only consider the behavior of individual statements and declarations to those that include the complete source code of a program in their analysis. The analysis highlights possible coding errors (e.g., the lint tool), possible memory leaks, etc. There are a number of free tools available for performing static code analysis for multiple languages. Here is a list of them:
RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers.
RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. The RATS scanning tool provides a security analyst with a list of potential trouble spots on which to focus, along with a description of each problem and, where possible, suggested remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. The tool also performs some basic analysis to try to rule out conditions that are obviously not problems.
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.
Checkstyle is highly configurable and can be made to support almost any coding standard. An example configuration file is supplied supporting the Sun Code Conventions, and other sample configuration files are supplied for other well-known conventions. Checkstyle is most useful if you integrate it into your build process or your development environment.
FindBugs is an open-source static bytecode analyzer for Java (based on Jakarta BCEL) from the University of Maryland. It uses static analysis to look for bugs in Java code. FindBugs requires JRE (or JDK) 1.5.0 or later to run; however, it can analyze programs compiled for any version of Java.
PMD scans Java source code and looks for potential problems like:
- Possible bugs – empty try/catch/finally/switch statements
- Dead code – unused local variables, parameters and private methods
- Suboptimal code – wasteful String/StringBuffer usage
- Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
- Duplicate code – copied/pasted code means copied/pasted bugs
PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.
Hammurapi aims to make development in the Java language more robust. The Hammurapi code review system captures coding best practices and delivers them to developers’ fingertips. It also generates consolidated reports for lead developers, architects, and managers to monitor codebase quality and evolution.
C Language support
Sparse, the semantic parser, provides a compiler frontend capable of parsing most of ANSI C as well as many GCC extensions, and a collection of sample compiler backends, including a static analyzer also called “sparse”. Sparse provides a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases. Sparse is a tool designed to find possible coding faults in the Linux kernel. This static analysis tool differs from other such tools in that it was initially designed to flag constructs that were only likely to be of interest to kernel developers. Alongside those annotations, Sparse contains built-in checks for known problematic constructs.
Splint is an open-source tool that evolved from Lint. Splint statically checks C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested in adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.
Uno is a simple tool for source code analysis. It is designed primarily to intercept the three most common types of software defects:
- Use of uninitialized variables,
- Nil-pointer references, and
- Out-of-bounds array indexing.
It also allows for the specification and checking of a broad range of user-defined properties that extend the checking power of the tool in an application-driven way. Properties can be specified, for instance, for checking lock-order disciplines, compliance with user-defined interrupt-masking rules, rules stipulating that all memory allocated must be freed, etc.
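The stronger checking Splint gets from annotations (above) and the three defect classes Uno targets, shown together in an added example that is not code from the page, from Splint or from Uno. The comment-style annotations (null, notnull, out, only) are Splint's own syntax; the functions, the empty-input rule and the sample string are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

// "/*@null@*/" tells Splint the argument may be NULL, so a dereference that is
// not guarded by a NULL test is reported (Uno's nil-pointer class).
size_t safe_strlen(/*@null@*/ const char *s)
{
    if (s == NULL) return 0;
    return strlen(s);
}

// "/*@out@*/" marks a parameter the function must set before it returns;
// Splint checks that every path assigns *len, so the caller never reads an
// uninitialized value (Uno's first defect class).
int parse_len(/*@notnull@*/ const char *s, /*@out@*/ size_t *len)
{
    *len = 0;                      // set on the early-return path too
    if (s[0] == '\0') return -1;   // constructed rule: empty input is an error
    *len = strlen(s);
    return 0;
}

// "/*@only@*/" on the result says the caller receives sole ownership and must
// free it; Splint reports callers that drop it (a leak) or free it twice.
// The copy is bounded by max, so no out-of-bounds write can happen.
/*@only@*/ /*@null@*/ char *dup_bounded(const char *s, size_t max)
{
    size_t n = strlen(s);
    char *copy;
    if (n > max) n = max;
    copy = (char *)malloc(n + 1);
    if (copy == NULL) return NULL;
    memcpy(copy, s, n);
    copy[n] = '\0';
    return copy;
}

// A caller that satisfies the annotations: the possibly-NULL result is tested
// before use and the owned buffer is freed exactly once.
size_t demo(void)
{
    size_t n = 0;
    char *copy = dup_bounded("static analysis", 6);   // constructed input
    if (safe_strlen(copy) > 0) (void)parse_len(copy, &n);
    free(copy);
    return n;                                         // 6
}
```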
BLAST is a software model checker for C programs. The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses. BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model which is model checked for safety properties. The abstraction is constructed on-the-fly, and only to the required precision.
Cppcheck is a tool for static C/C++ code analysis. This program tries to detect bugs that your C/C++ compiler doesn’t see. The most common errors it finds are memory leaks within the scope of a single function. It has found 21 confirmed and fixed bugs in the Linux kernel and many more in other open source projects. Cppcheck is free software released under the terms of the GNU General Public License. It is written in C++.