Archive for March 31, 2009

10+ free tools for static code analysis

We have previously featured some free open source tools for UML and code review. In this article we provide another set of useful tools for developers to perform static code analysis.


Static code analysis is the analysis of code that is performed without actually executing the built program. The analysis is performed by tools ranging from those that only consider the behavior of individual statements and declarations to those that include the complete source code of a program in their analysis. The analysis highlights possible coding errors (e.g., the lint tool), possible memory leaks, etc. There are a number of free tools available for performing static code analysis for multiple languages. Here is the list:

Multi-language Support

1. RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers.

RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. RATS provides a security analyst with a list of potential trouble spots on which to focus, along with a description of each problem and, potentially, suggested remedies. It also provides a relative assessment of the potential severity of each problem, to better help an auditor prioritize. The tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

2. Yasca

Yet Another Source Code Analyzer is a plugin-based framework for scanning arbitrary file types like C/C++, Java, JavaScript, ASP, PHP, HTML/CSS, ColdFusion, COBOL, and other file types. It integrates with other scanners, including FindBugs, JLint, PMD, and Pixy. Yasca is a command-line tool. Just point it at your code base and watch it go to work. The output is an HTML file containing all findings.

Java Support

1. Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Checkstyle is highly configurable and can be made to support almost any coding standard. An example configuration file is supplied supporting the Sun Code Conventions. Sample configuration files are also supplied for other well-known conventions. Checkstyle is most useful if you integrate it into your build process or your development environment.

2. FindBugs

It's an open-source static bytecode analyzer for Java (based on Jakarta BCEL) from the University of Maryland. It uses static analysis to look for bugs in Java code. FindBugs requires JRE (or JDK) 1.5.0 or later to run. However, it can analyze programs compiled for any version of Java.

3. PMD

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.

4. Hammurapi

It aims to make development in Java language more robust. Hammurapi code review system captures coding best practices and delivers them to developers’ fingertips. It also generates consolidated reports for lead developers, architects, and managers to monitor codebase quality and evolution.

C Language support

1. Sparse

Sparse, the semantic parser, provides a compiler frontend capable of parsing most of ANSI C as well as many GCC extensions, and a collection of sample compiler backends, including a static analyzer also called “sparse”. Sparse is a tool designed to find possible coding faults in the Linux kernel. It differed from other static analysis tools in that it was initially designed to flag constructs that were likely to be of interest only to kernel developers. Sparse contains built-in checks for known problematic constructs and a set of annotations designed to convey semantic information about types, such as what address space pointers point to, or what locks a function acquires or releases.

2. Splint

Splint is an open source evolved version of Lint. Splint is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested adding annotations to programs, Splint can perform stronger checking than can be done by any standard lint.

3. Uno

Uno is a simple tool for source code analysis.  It is designed to intercept primarily the three most common types of software defects:

  • Use of uninitialized variable,
  • Nil-pointer references, and
  • Out-of-bounds array indexing.

It allows for the specification and checking of a broad range of user-defined properties that can extend the checking power of the tool in an application driven way. Properties can be specified, for instance, for checking lock order disciplines, compliance with user-defined interrupt masking rules, rules stipulating that all memory allocated must be freed, etc.

4. BLAST

BLAST is a software model checker for C programs.  The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses. BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model which is model checked for safety properties. The abstraction is constructed on-the-fly, and only to the required precision.

C++ Support

1. Cppcheck

Cppcheck is a tool for static C/C++ code analysis. This program tries to detect bugs that your C/C++ compiler doesn’t see. The most common errors it finds are memory leaks within a function range. It has found 21 confirmed and fixed bugs in the Linux kernel and many more in other open source projects. Cppcheck is free software released under the terms of the GNU General Public License. It is written in C++.

Best alternatives for CVS

The Concurrent Versioning System (CVS) is a free software revision control system. Version control system software keeps track of all work and all changes in a set of files, and allows several developers (potentially widely separated in space and/or time) to collaborate.

CVS is the most commonly used revision control system in the open source world, and it works well. It is reliable but has many limitations:

  • It does not do file renames or copies
  • Cannot send the files to the server
  • No atomicity of operations (atomic commits)
  • No good handling of binary files

Are you tired of using CVS? There are better alternatives.


Aegis (Debian/Linux)

Aegis is a transaction-based software configuration management system. It provides a framework within which a team of developers may work on many changes to a program independently, and Aegis coordinates integrating these changes back into the master source of the program, with as little disruption as possible.

It supports a strongly test-driven development workflow on top of any number of different underlying revision control systems, such as RCS or SCCS.

Arch (Windows, Linux, Mac OS)


GNU Arch is a distributed revision control system that is part of the GNU Project and licensed under the GNU General Public License. It is used to keep track of the changes made to a source tree and to help programmers combine and otherwise manipulate changes made by multiple people or at different times.

Bazaar (Windows, Linux, Mac OS)


Bazaar is an open-source decentralized and distributed version control system, released under the GNU GPL and supported by Canonical Ltd., designed to make it easier for anyone to contribute to free and open source software projects.

BitKeeper (Windows, Linux, Mac OS)


BitKeeper is a proprietary revision control system by BitMover Inc. that used to be available for free software developers under a gratis license. BitKeeper builds upon many of the TeamWare concepts. Its key selling point is the ease with which distributed development teams can keep their own local source repositories and still work with the central repository.

Darcs (Windows, Linux, Mac OS)

Darcs is a free and open source distributed version control system that is easy to set up and serve, supports renames, and incorporates the author's "Theory of Patches".

Monotone (Windows, Linux, Mac OS)

Monotone is an open source software tool for distributed revision control. Monotone tracks revisions to files, groups sets of revisions into changesets, and tracks history across renames. It is a capable version control system with a different philosophy and a strong reliance on strong cryptography. The design principle is distributed operation making heavy use of cryptographic primitives to track file revisions (via the SHA1 secure hash) and to authenticate user actions (via RSA cryptographic signatures).

Perforce (Windows, Linux, Mac OS)

Perforce is a commercial version control system developed by Perforce Software, Inc., which is very fast, robust, portable and also quite powerful. It requires per-developer yearly licensing, but a gratis license, without support, is also available for open source developers.

Subversion (Windows, Linux, Mac OS)

Subversion (SVN) is a version control system used to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly-compatible successor to the widely used Concurrent Versions System (CVS). It is a revision control system that was designed and programmed from the ground up to be modular and scalable, yet resembles CVS a bit in nature. It is not as feature-rich as BitKeeper yet, but it is fully open source.

Vesta (Red Hat/Kernel 2.4 or similar)

Vesta is a software configuration management system originally designed by Digital Corp (Compaq). It is now distributed under the LGPL. It replaces both Make and CVS, and so can only be built with itself for the time being.

For more details on these CVS alternatives, please visit the wonderful website BetterSCM, which carries details on the features, drawbacks, etc. of each revision control system discussed here.

If you are hungry for more revision control alternatives, then please visit http://aegis.sourceforge.net/propaganda/diversity.html

Top 10 FREE Text editors

Text and source editors are always needed, and an editor with lots of features is always a developer's best companion. Here we list 10 of the very best free text/source editors. All these editors are customizable, support multiple file formats, syntax highlighting and compiler integration, and are followed by a huge user base.

If you feel that we have missed out any editors that deserve to be here, please add a comment and we will review it.

1. Bluefish (Available on Linux, Mac OS, Solaris)

Bluefish is an agile, lightweight development editor that can support development in HTML, XHTML, CSS, XML, PHP, C, JavaScript, Java, SQL, Perl, ColdFusion, JSP, Python, Ruby, and shell. Bluefish is a full-fledged IDE that works as a text editor for developers. Bluefish has a good user base and is growing more popular every day.

2. Notepad++ (Available on Windows)

Notepad++ is a powerful free source code editor and Notepad replacement that supports several languages including C, C++, C#, Java, XML, HTML, JavaScript, CSS, PHP, Perl and many more. It supports a lot of features like syntax coloring, WYSIWYG editing, auto-completion, multi-view, multi-document, brace and indent support, drag and drop, regular expression search and many more. It even supports macro recording and playback. Too much from a text editor, isn’t it? That’s the reason why it has been downloaded 13 million times from its SourceForge website.

3. ConTEXT (Available on Windows)


ConTEXT is a small, fast and powerful freeware text editor, developed to serve as a secondary tool for software developers. It has built-in syntax highlighters for C/C++, Delphi/Pascal, FORTRAN, 80×86 assembler, Java, JavaScript, Visual Basic, Perl/CGI, HTML, SQL, Python, PHP, Tcl/Tk, and its own syntax highlighter definition language. Other features are code templates and the ability to work with several document windows using the Multiple Document Interface.


4. Notepad2 (Available for Windows)

Notepad2 is a free open-source text editor for Microsoft Windows, written by Florian Balmer using the Scintilla editor component. It features syntax highlighting for the following computer languages: ASP, Assembly, C, C++, C#, CGI, CSS, HTML, Java, JavaScript, NSIS, Pascal, Perl, PHP, Python, SQL, VB, VBScript, XHTML and XML.

5. Vim (Available on all platforms)

Vim (Vi IMproved) is one of the most widely used text editors on the planet. It has several variants like GVim, GVim portable for Windows, and MacVim for Mac OS. There is a modern version of Vim called Cream. Vim does not need any introduction!

6. PSPad editor (Available on Windows)

PSPad editor is a Windows freeware text editor and source editor for programmers.

PSPad has many software development-oriented features, such as syntax highlighting and hex editing. It is designed as a universal GUI for editing many languages including PHP, Perl, HTML, and Java. It integrates the use of many project formats for handling and saving multiple files. Other features include autocompletion, tabs, an FTP client and find/replace using regular expressions.

7. JEdit (Available on all platforms)

JEdit is a programmer's editor written in Java that beats many commercial editors in many ways. JEdit includes syntax highlighting that provides native support for over 130 file formats like C++, Java, C#, PHP etc. It combines the best functionality of Unix, Windows and Mac OS text editors. Detailed supported file formats are here.

8. XEmacs (Available for Windows, Mac OS and Unix like platforms)

XEmacs is a graphical- and console-based text editor which runs on almost any Unix-like operating system as well as Microsoft Windows. XEmacs is a highly customizable open source text editor and application development system, a fork of GNU Emacs from the late 1980s. It supports syntax highlighting, compiler integration and many more features. There is even a never-ending debate on Vim versus XEmacs among users. Nevertheless, XEmacs as well as Vim are very powerful editors.

9. KWrite (Available for KDE/Linux)

KWrite is a text editor for the KDE environment that supports code folding, syntax coloring, word completion etc. for languages like Java, C++, PHP etc.

Top 12 Open Source UML tools

One of the most popular languages used to represent software design is UML. The Unified Modelling Language (UML) is used to spell out, visualise, modify, construct and document the artifacts of an object-oriented software system that is under development. If you work on software design, you will understand the importance of UML. It is by far the standardized general-purpose modelling language in the field of software engineering. UML combines best practice from data modelling concepts such as entity relationship diagrams, business modelling (work flow), object modelling and component modelling. It can be used with all processes, throughout the software development life cycle, and across different implementation technologies. Using UML, one can write a system’s blueprints in a standard way, including conceptual components such as:

  • Actors
  • Business processes and
  • System’s components, and activities

Also, concrete things such as:

  • Programming language statements
  • Database schemas, and
  • Reusable software components
 


As software developers, we always look for free open source tools that help in development. In this post we review 12 open source UML tools that are available:

1. StarUML

StarUML is an open source project to develop fast, flexible, extensible, featureful, and freely-available UML/MDA platform running on Win32 platform. The goal of the StarUML project is to build a software modelling tool and also platform that is a compelling replacement of commercial UML tools such as Rational Rose, Together and so on. Read more here.


2. Acceleo

Acceleo is a code generator that transforms models into code. Acceleo is easy to use and it provides “off the shelf” generators (JEE, .Net, Php…) and template editors for Eclipse. Read more here.

3. ArgoUML

ArgoUML is the leading open source UML modelling tool and includes support for all standard UML 1.4 diagrams. It runs on any Java platform and is available in ten languages. ArgoUML is written entirely in Java and uses the Java Foundation Classes. This allows ArgoUML to run on virtually any platform. Read more here.


4. BOUML

BOUML is a free UML 2 tool box that allows you to specify and generate code in C++, Java, Idl, Php and Python. BOUML runs under Unix/Linux/Solaris, MacOS X(Power PC and Intel) and Windows. BOUML is very fast and doesn’t require much memory to manage several thousands of classes. Read more here.


5. Eclipse UML2 Tools

UML2 Tools is a set of GMF-based editors for viewing and editing UML models; it is focused on (eventual) automatic generation of editors for all UML diagram types.

The diagrams that will be initially supported (as part of the first release) include class, component, state machine, and activity diagrams. Read more here.

6. Umbrello UML Modeller

Umbrello UML Modeller is a UML diagram tool that can support you in the software development process. Especially during the analysis and design phases of this process, Umbrello UML Modeller will help you to get a high quality product. UML can also be used to document your software designs to help you and your fellow developers. Read more here.

7. Frame UML

Frame UML is a free UML tool that supports UML 2.xx. It runs on Windows (2000/XP/Vista) and can generate source code/CHM from a model, or parse source code into a model by JavaScript. It supports 12 kinds of diagram, except the object diagram. It is very nice, simple, and easy to use. More here.

8. AmaterasUML

AmaterasUML is an Eclipse plug-in for drawing UML class-diagram, and UML sequence-diagram. More here.

9. Dia

It has special objects to help draw entity relationship diagrams, UML diagrams, flowcharts, network diagrams, and many other diagrams. More here.

10. Xholon

Xholon is a flexible open source tool for multi-paradigm (UML 2, ABM, SBML, NN, GP, PSys, CA, …) modelling, simulation, design, execution, and transformation. Generic Java and XML building blocks are extended into multiple domains, and woven into loosely organized systems. More here.

11. TinyUML

TinyUML is a free software tool for easy and quick creation of UML 2 diagrams. It is implemented for the Java platform. More here.

12. Pamda

Pamda is an MDA tool (UML to code generator). It uses UML API to parse XMI and thus, unlike some other MDA tools, is lenient to XMI extensions. Implemented as Ant task and uses Velocity template engine. More here.

Juice – The cross-platform podcast receiver

Do you always miss your favorite audio podcasts? Do you miss your music shows that are broadcast? Well, Juice is our answer to your problems!

Juice is a cross-platform, absolutely FREE and open source podcast aggregator used for downloading podcast media files, such as oggs and mp3s. It can bring you lemon fresh podcasts without fail.

Juice lets users select and download shows and music and play them whenever they want on their iPods, portable digital media players, or computers automatically. Juice is currently available for Windows and Mac OS.