Tag Archive for static code analysis

60+ Open Source Developer Tools That Will Boost Your Productivity, Improve Quality

Although many commercially available tools come with good customer support, developers are always on the lookout for free and open source alternatives. In this post we present 60+ open source tools from which any developer can pick and choose according to their requirements. These tools improve the quality of the work and boost developer productivity.

Tools


7 Open Source UML Modelers

The Unified Modeling Language (UML) is the most popular open method used to specify, visualize, construct and document the artifacts of an object-oriented, software-intensive system under development. UML modelers are another must-have design tool.

10 Free Text Editors

Text and source code editors are always needed by developers, and an editor with plenty of features is a developer's best companion. All of the editors listed here are customizable, support multiple file formats and syntax highlighting, and integrate with compilers. These editors have a huge user base of people who cannot live without them.

5 Open Source Code Review Tools

Code review is another area where most developers have problems. This is largely due to the lack of quality tools, which forces developers to perform code reviews over email. Good open source code review tools are available to help developers run the code review process effectively.

10 Code Coverage Tools for C & C++

Code coverage is a measure used in software testing that describes the degree to which the source code of a program has been exercised by tests. It is a form of white-box testing, since it inspects the code directly. To measure how well a test suite exercises the software, one or more coverage criteria are used. The tools featured here provide an easy way to measure code coverage against a number of criteria such as function coverage, statement coverage and decision coverage.

12 Source Code Profilers for C & C++

Code profilers are very different from traditional debuggers. They are able to catch the small, non-fatal coding errors that are often hard for humans to spot. Such small bugs later claim weeks of debugging and extra cost to fix, so code profilers will save you hours of debugging time. These tools can automatically detect many memory management, threading and similar bugs. The 12 tools featured here will give you confidence that your programs are free from many common bugs, some of which would take hours to find manually or would never be found at all.

11 free tools for static code analysis

Static code analysis is analysis of code that is performed without actually executing the program. The analysis is performed by tools that range from those that only consider the behavior of individual statements and declarations to those that include the complete source code of a program in their analysis. These 11 tools highlight possible coding errors (e.g., the lint tool), possible memory leaks and so on.

8 Best of All Open Source Developer Tools

10 hand-picked top free and open source tools for an RIA platform, AJAX framework, business rule management system, parallel programming, version control package, object database, web service test tool, and HTTP client library.

10+ free tools for static code analysis

We have already featured some free open source tools for UML and code review. In this article we provide another set of useful tools that developers can use to perform static code analysis.

Static code analysis is analysis of code that is performed without actually executing the program. The analysis is performed by tools that range from those that only consider the behavior of individual statements and declarations to those that include the complete source code of a program in their analysis. The analysis highlights possible coding errors (e.g., the lint tool), possible memory leaks and so on. A number of free tools are available for performing static code analysis on multiple languages. Here is the list of them:

Multi-language Support

1. RATS – Rough Auditing Tool for Security

RATS – Rough Auditing Tool for Security – is an open source tool developed and maintained by Secure Software security engineers.

RATS is a tool for scanning C, C++, Perl, PHP and Python source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions. The RATS scanner provides a security analyst with a list of potential trouble spots on which to focus, describing each problem and potentially suggesting remedies. It also provides a relative assessment of the potential severity of each problem, to help an auditor prioritize. The tool also performs some basic analysis to try to rule out conditions that are obviously not problems.

2. Yasca

Yet Another Source Code Analyzer is a plugin-based framework for scanning arbitrary file types, including C/C++, Java, JavaScript, ASP, PHP, HTML/CSS, ColdFusion and COBOL sources. It integrates with other scanners, including FindBugs, JLint, PMD, and Pixy. Yasca is a command-line tool: just point it at your code base and watch it go to work. The output is an HTML file containing all findings.

Java Support

1. Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Checkstyle is highly configurable and can be made to support almost any coding standard. An example configuration file supporting the Sun Code Conventions is supplied, along with sample configuration files for other well-known conventions. Checkstyle is most useful when integrated into your build process or your development environment.

2. FindBugs

FindBugs is an open-source static bytecode analyzer for Java (based on Jakarta BCEL) from the University of Maryland. It uses static analysis to look for bugs in Java code. FindBugs requires JRE (or JDK) 1.5.0 or later to run; however, it can analyze programs compiled for any version of Java.

3. PMD

PMD scans Java source code and looks for potential problems like:

  • Possible bugs – empty try/catch/finally/switch statements
  • Dead code – unused local variables, parameters and private methods
  • Suboptimal code – wasteful String/StringBuffer usage
  • Overcomplicated expressions – unnecessary if statements, for loops that could be while loops
  • Duplicate code – copied/pasted code means copied/pasted bugs

PMD is integrated with JDeveloper, Eclipse, JEdit, JBuilder, BlueJ, CodeGuide, NetBeans/Sun Java Studio Enterprise/Creator, IntelliJ IDEA, TextPad, Maven, Ant, Gel, JCreator, and Emacs.

4. Hammurapi

Hammurapi aims to make development in the Java language more robust. The Hammurapi code review system captures coding best practices and delivers them to developers' fingertips. It also generates consolidated reports for lead developers, architects, and managers to monitor codebase quality and evolution.

C Language support

1. Sparse

Sparse, the semantic parser, provides a compiler frontend capable of parsing most of ANSI C as well as many GCC extensions, and a collection of sample compiler backends, including a static analyzer also called "sparse". Sparse is designed to find possible coding faults in the Linux kernel. It differs from other static analysis tools in that it was initially designed to flag constructs that are only likely to be of interest to kernel developers. Sparse contains built-in checks for known problematic constructs and a set of annotations designed to convey semantic information about types, such as which address space a pointer points into, or which locks a function acquires or releases.
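The lock annotations described above, as an added example (not part of the original post or of Sparse itself). It assumes the kernel-style macro names `__acquires`, `__releases`, `__must_hold`, `__acquire` and `__release`, defined here on top of Sparse's `context` attribute and `__context__` statement; a toy spinlock stands in for a kernel lock so the file builds and runs with any C compiler.

```c
#include <stdatomic.h>

/* Sparse defines __CHECKER__ while it runs; ordinary compilers do not, so the
 * annotations disappear from the real build. Assumption: these definitions
 * follow the Linux kernel's macros of the same names. */
#ifdef __CHECKER__
# define __acquires(x)  __attribute__((context(x, 0, 1))) /* enters unheld, leaves held */
# define __releases(x)  __attribute__((context(x, 1, 0))) /* enters held, leaves unheld */
# define __must_hold(x) __attribute__((context(x, 1, 1))) /* caller must already hold x */
# define __acquire(x)   __context__(x, 1)
# define __release(x)   __context__(x, -1)
#else
# define __acquires(x)
# define __releases(x)
# define __must_hold(x)
# define __acquire(x)   (void)0
# define __release(x)   (void)0
#endif

struct counter {
    atomic_flag lock;   /* toy spinlock (constructed for the example) */
    long value;
};

static void counter_lock(struct counter *c) __acquires(&c->lock)
{
    while (atomic_flag_test_and_set(&c->lock))
        ;                     /* spin until the flag was clear */
    __acquire(&c->lock);      /* tell Sparse the lock context went 0 -> 1 */
}

static void counter_unlock(struct counter *c) __releases(&c->lock)
{
    __release(&c->lock);      /* lock context goes 1 -> 0 */
    atomic_flag_clear(&c->lock);
}

/* Only valid with c->lock held: Sparse reports a context imbalance at any
 * call site that reaches this without holding the lock. */
static long counter_add_locked(struct counter *c, long n) __must_hold(&c->lock)
{
    c->value += n;
    return c->value;
}

/* Balanced caller. Dropping the counter_unlock() call would make Sparse warn
 * about a context imbalance at the return. */
long counter_add(struct counter *c, long n)
{
    counter_lock(c);
    long v = counter_add_locked(c, n);
    counter_unlock(c);
    return v;
}

struct counter demo_counter = { ATOMIC_FLAG_INIT, 0 };  /* constructed sample */
```

Run `sparse file.c` to see the annotations checked; `gcc -c file.c` compiles the same file with the annotations stripped.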

2. Splint

Splint is an open source, evolved version of Lint. It is a tool for statically checking C programs for security vulnerabilities and coding mistakes. With minimal effort, Splint can be used as a better lint. If additional effort is invested in adding annotations to programs, Splint can perform stronger checking than any standard lint.
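An added example (not from the original post) of the extra checking that annotations buy: Splint reads the `@null@` and `@only@` markers inside the comments below, while a normal compiler ignores them, so the same file builds everywhere. The function names and sample strings are constructed for the example.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Returns an upper-cased copy of s in freshly allocated storage, or NULL on
 * allocation failure. "only" tells Splint that the caller owns the result and
 * must release it; "null" tells Splint the result may be NULL and must be
 * checked before use. */
/*@null@*/ /*@only@*/ char *dup_upper(const char *s)
{
    size_t len = strlen(s);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++)
        out[i] = (char)toupper((unsigned char)s[i]);
    out[len] = '\0';
    return out;
}

/* Case-insensitive equality: 1 if equal, 0 if not, -1 on allocation failure.
 * Because dup_upper() is annotated, Splint reports a possibly-NULL dereference
 * if either NULL test is removed, and storage not released if either free()
 * is removed (including the one on the early-return path). */
int equal_ignore_case(const char *a, const char *b)
{
    char *ua = dup_upper(a);
    char *ub;
    int same;

    if (ua == NULL)
        return -1;
    ub = dup_upper(b);
    if (ub == NULL) {
        free(ua);             /* the only reference to ua dies here */
        return -1;
    }
    same = (strcmp(ua, ub) == 0);
    free(ua);
    free(ub);
    return same;
}
```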

3. Uno

Uno is a simple tool for source code analysis. It is designed primarily to intercept the three most common types of software defects:

  • Use of uninitialized variable,
  • Nil-pointer references, and
  • Out-of-bounds array indexing.

It allows for the specification and checking of a broad range of user-defined properties that can extend the checking power of the tool in an application driven way. Properties can be specified, for instance, for checking lock order disciplines, compliance with user-defined interrupt masking rules, rules stipulating that all memory allocated must be freed, etc.

4. BLAST

BLAST is a software model checker for C programs. The goal of BLAST is to check that software satisfies behavioral properties of the interfaces it uses. BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model, which is then model checked for safety properties. The abstraction is constructed on the fly, and only to the required precision.

C++ Support

1. Cppcheck

Cppcheck is a tool for static C/C++ code analysis. It tries to detect bugs that your C/C++ compiler doesn't see. The most common errors it finds are memory leaks within the scope of a function. It has found 21 confirmed and fixed bugs in the Linux kernel and many more in other open source projects. Cppcheck is free software released under the terms of the GNU General Public License, and it is written in C++.