SlideShare a Scribd company logo

Static Code Analysis Tools Comparison

Z
Zachary Blair

Cppcheck is a free static code analysis tool that finds bugs in C and C++ code without executing the program. It works by tokenizing, simplifying, and checking code for patterns that may indicate bugs. Some checks look for buffer overruns, unused functions, memory leaks, and invalid arguments. Cppcheck is cross-platform, has a GUI and command line interface, and has found hundreds of bugs in open source projects.

Technology
1 of 33
Download to read offline
 Static Code Analysis  Survey of Tools  Cppcheck
 Goal: Provide confidence that code is correct just by looking at it (without building or executing it).  Helps us find easy bugs buried in thousands of lines of code (not something people are great at).
 Formal Methods  Code Metrics  Reviews and Inspection
 Formal Methods: ◦ Mathematical! ◦ Require a mathematical model and assertions! ◦ Often require modeling the system as a finite state machine and verifying each state and transition.  Code Metrics  Reviews and Inspection
 Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics  Reviews and Inspection
 Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: • Identify areas where bugs are likely. • Based on measures of code complexity rooted in graph theory (e.g. Cyclomatic complexity).  Reviews and Inspection
 Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection
 Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection • Just look at the code and try to find suspicious patterns. • Basically what we do when performing code reviews.
 Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection Works pretty well!
 Static Code Analysis  Survey of Tools  Cppcheck
 Three Popular Commercial Tools: ◦ PC-Lint ◦ Klocwork Insight ◦ Coverity Prevent  One Free Software Tool: ◦ Cppcheck
 PC-Lint ◦ Commercial ◦ Works for C code ◦ Often reports many false positives. ◦ Probably the cheapest after Cppcheck (which is free)  Klocwork Insight  Coverity Prevent  Cppcheck
 PC-Lint  Klocwork Insight ◦ Commercial ◦ A spin-out of Nortel Networks ◦ Also includes project management and project visualization capabilities.  Coverity Prevent  Cppcheck
 PC-Lint  Klocworks Insight  Coverity Prevent ◦ Commercial ◦ Identified over 6000 bugs across 53 open-source projects. ◦ Developed from research at Stanford University.  Cppcheck
 PC-Lint  Klocworks Insight  Coverity Prevent  Cppcheck ◦ Open source ◦ Under active development. ◦ Has found > 400 bugs in open-source projects. ◦ Free!
 Static Code Analysis  Survey of Tools  Cppcheck
 Detects bugs in C and C++ source that compilers normally do not warn about!  Cross-platform (Windows, Linux, etc)  Fancy Qt-based GUI client! ◦ Also available in a command-line version  Usable via plugins from various IDEs (but not VS): ◦ Eclipse ◦ Code::Blocks ◦ Hudson, Jenkins
 Packages maintained for FreeBSD, Debian and Ubuntu systems (sudo apt-get install cppcheck)  Used to find bugs in many open-source projects: ◦ Linux Kernel: > 40 bugs found+fixed ◦ VLC Player: > 20 bugs found+fixed ◦ Others: 7-zip, curl, git, etc
 Bounds checking for array overruns  Memory and resource leaks  Unused private class functions  Use of deprecated functions  Wrong # of arguments given to printf or scanf  Switch cases that fall through suspiciously  Dozens of others…
Possible buffer overrun Memory leak: buf Should be “delete[] buf” Resource leak: file
Cppcheck finds many of the issues with that code (but not all)
Buffer overrun Suspicious format specifier for a pointer to a C string (but not necessary a bug)
 Bounds checking for array overruns  Unused private class functions  Use of deprecated functions  Memory and resource leaks  Dozens of others…
Preprocessor Source File Tokenizer Simplifier Results Checks Happy Developer
void foo(char* str) { if (str == 0) printf(str); else printf("Whoa"); } Tokenizer Simplifier void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }
void foo(char* str) { if (str == 0) printf(str); else printf("Whoa"); } Indentation, spacing, NULL-checks and braces are normalized Tokenizer to simplify checks! Simplifier void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }
void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } } Results Checks  Each check iterates over the tokens, and reports if it finds a suspicious pattern!  Checks implemented as C functions or XML documents that describe the pattern to look for.  Results categorized as error, warning, style, performance, portability, or informative.
 Cppcheck is a free tool for finding bugs in C++ source code.  It works by parsing the source code, splitting it into tokens and finding suspicious patterns in the tokens.
 Official project page: ◦ http://cppcheck.sourceforge.net/  Official source repository: ◦ https://github.com/danmar/cppc heck
Static Code Analysis Tools Comparison

Recommended

CI/CD with Azure DevOps and Azure Databricks
CI/CD with Azure DevOps and Azure DatabricksCI/CD with Azure DevOps and Azure Databricks
CI/CD with Azure DevOps and Azure DatabricksGoDataDriven
 
Netflix API - Separation of Concerns
Netflix API - Separation of ConcernsNetflix API - Separation of Concerns
Netflix API - Separation of ConcernsDaniel Jacobson
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructureSynergetics Learning and Cloud Consulting
 
Organiser son CI/CD - présentation
Organiser son CI/CD - présentation Organiser son CI/CD - présentation
Organiser son CI/CD - présentation Julien Garderon
 
Showdown CI/CD - TeamCity
Showdown CI/CD - TeamCityShowdown CI/CD - TeamCity
Showdown CI/CD - TeamCityBoyan Mihaylov
 
Trunk based vs git flow
Trunk based vs git flowTrunk based vs git flow
Trunk based vs git flowHanokh Aloni
 
Modern Monitoring [ with Prometheus ]
Modern Monitoring [ with Prometheus ]Modern Monitoring [ with Prometheus ]
Modern Monitoring [ with Prometheus ]Haggai Philip Zagury
 
Zero Code Multi-Cloud Automation with Ansible and Terraform
Zero Code Multi-Cloud Automation with Ansible and TerraformZero Code Multi-Cloud Automation with Ansible and Terraform
Zero Code Multi-Cloud Automation with Ansible and TerraformAvi Networks
 

Recommended

CI/CD with Azure DevOps and Azure Databricks
CI/CD with Azure DevOps and Azure DatabricksCI/CD with Azure DevOps and Azure Databricks
CI/CD with Azure DevOps and Azure DatabricksGoDataDriven
 
Netflix API - Separation of Concerns
Netflix API - Separation of ConcernsNetflix API - Separation of Concerns
Netflix API - Separation of ConcernsDaniel Jacobson
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructureSynergetics Learning and Cloud Consulting
 
Organiser son CI/CD - présentation
Organiser son CI/CD - présentation Organiser son CI/CD - présentation
Organiser son CI/CD - présentation Julien Garderon
 
Showdown CI/CD - TeamCity
Showdown CI/CD - TeamCityShowdown CI/CD - TeamCity
Showdown CI/CD - TeamCityBoyan Mihaylov
 
Trunk based vs git flow
Trunk based vs git flowTrunk based vs git flow
Trunk based vs git flowHanokh Aloni
 
Modern Monitoring [ with Prometheus ]
Modern Monitoring [ with Prometheus ]Modern Monitoring [ with Prometheus ]
Modern Monitoring [ with Prometheus ]Haggai Philip Zagury
 
Zero Code Multi-Cloud Automation with Ansible and Terraform
Zero Code Multi-Cloud Automation with Ansible and TerraformZero Code Multi-Cloud Automation with Ansible and Terraform
Zero Code Multi-Cloud Automation with Ansible and TerraformAvi Networks
 
Flusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous DeliveryFlusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous DeliveryJoost van der Griendt
 
Devops insights
Devops insightsDevops insights
Devops insightsMohammad Imran Ansari
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Databricks
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
Specification-By-Example with Gherkin
Specification-By-Example with GherkinSpecification-By-Example with Gherkin
Specification-By-Example with GherkinChristian Hassa
 
Backlog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming HabitsBacklog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming HabitsIan Garrison
 
Agile Testing
Agile Testing Agile Testing
Agile Testing Intelliware Development Inc.
 
Introduction to GitHub Copilot
Introduction to GitHub CopilotIntroduction to GitHub Copilot
Introduction to GitHub CopilotAll Things Open
 
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...Andreas Grabner
 
Scaling Apache Spark at Facebook
Scaling Apache Spark at FacebookScaling Apache Spark at Facebook
Scaling Apache Spark at FacebookDatabricks
 
Transforming Organizations with CI/CD
Transforming Organizations with CI/CDTransforming Organizations with CI/CD
Transforming Organizations with CI/CDCprime
 
Presentación Agile Testing
Presentación Agile TestingPresentación Agile Testing
Presentación Agile Testingtbaires
 
How Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering TeamHow Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering TeamSalesforce Developers
 
Practical Guide to Scrum
Practical Guide to ScrumPractical Guide to Scrum
Practical Guide to ScrumPavel Dabrytski
 
Inceptions
InceptionsInceptions
InceptionsLuis Antonio Salazar Caraballo
 
Kanban
KanbanKanban
KanbanStefan Csosz
 
How to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessionsHow to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessionsLuxoftAgilePractice
 
Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Kris Buytaert
 
Azure DevOps Tests Plan
Azure DevOps Tests PlanAzure DevOps Tests Plan
Azure DevOps Tests PlanDenis Voituron
 
Definition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinementDefinition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinementChristian Vos
 
An Introduction to PC-Lint
An Introduction to PC-LintAn Introduction to PC-Lint
An Introduction to PC-LintRalf Holly
 
CppCheck - Static code analysis tool
CppCheck - Static code analysis toolCppCheck - Static code analysis tool
CppCheck - Static code analysis toolAvneet Kaur
 

More Related Content

What's hot

Flusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous DeliveryFlusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous DeliveryJoost van der Griendt
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Databricks
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suitejeff cheng
 
Specification-By-Example with Gherkin
Specification-By-Example with GherkinSpecification-By-Example with Gherkin
Specification-By-Example with GherkinChristian Hassa
 
Backlog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming HabitsBacklog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming HabitsIan Garrison
 
Introduction to GitHub Copilot
Introduction to GitHub CopilotIntroduction to GitHub Copilot
Introduction to GitHub CopilotAll Things Open
 
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...Andreas Grabner
 
Scaling Apache Spark at Facebook
Scaling Apache Spark at FacebookScaling Apache Spark at Facebook
Scaling Apache Spark at FacebookDatabricks
 
Transforming Organizations with CI/CD
Transforming Organizations with CI/CDTransforming Organizations with CI/CD
Transforming Organizations with CI/CDCprime
 
Presentación Agile Testing
Presentación Agile TestingPresentación Agile Testing
Presentación Agile Testingtbaires
 
How Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering TeamHow Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering TeamSalesforce Developers
 
Practical Guide to Scrum
Practical Guide to ScrumPractical Guide to Scrum
Practical Guide to ScrumPavel Dabrytski
 
How to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessionsHow to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessionsLuxoftAgilePractice
 
Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Kris Buytaert
 
Azure DevOps Tests Plan
Azure DevOps Tests PlanAzure DevOps Tests Plan
Azure DevOps Tests PlanDenis Voituron
 
Definition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinementDefinition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinementChristian Vos
 

What's hot (20)

Flusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous DeliveryFlusso Continuous Integration & Continuous Delivery
Flusso Continuous Integration & Continuous Delivery
 
Devops insights
Devops insightsDevops insights
Devops insights
 
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
Apache Spark 2.0: A Deep Dive Into Structured Streaming - by Tathagata Das
 
BlackDuck Suite
BlackDuck SuiteBlackDuck Suite
BlackDuck Suite
 
Specification-By-Example with Gherkin
Specification-By-Example with GherkinSpecification-By-Example with Gherkin
Specification-By-Example with Gherkin
 
Backlog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming HabitsBacklog Grooming - The Importance of Good Grooming Habits
Backlog Grooming - The Importance of Good Grooming Habits
 
Agile Testing
Agile Testing Agile Testing
Agile Testing
 
Introduction to GitHub Copilot
Introduction to GitHub CopilotIntroduction to GitHub Copilot
Introduction to GitHub Copilot
 
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
Application Quality Gates in Continuous Delivery: Deliver Better Software Fas...
 
Scaling Apache Spark at Facebook
Scaling Apache Spark at FacebookScaling Apache Spark at Facebook
Scaling Apache Spark at Facebook
 
Transforming Organizations with CI/CD
Transforming Organizations with CI/CDTransforming Organizations with CI/CD
Transforming Organizations with CI/CD
 
Presentación Agile Testing
Presentación Agile TestingPresentación Agile Testing
Presentación Agile Testing
 
How Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering TeamHow Salesforce built a Scalable, World-Class, Performance Engineering Team
How Salesforce built a Scalable, World-Class, Performance Engineering Team
 
Practical Guide to Scrum
Practical Guide to ScrumPractical Guide to Scrum
Practical Guide to Scrum
 
Inceptions
InceptionsInceptions
Inceptions
 
Kanban
KanbanKanban
Kanban
 
How to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessionsHow to facilitate product backlog refinement sessions
How to facilitate product backlog refinement sessions
 
Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.Devops, the future is here, it's just not evenly distributed yet.
Devops, the future is here, it's just not evenly distributed yet.
 
Azure DevOps Tests Plan
Azure DevOps Tests PlanAzure DevOps Tests Plan
Azure DevOps Tests Plan
 
Definition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinementDefinition of Done and Product Backlog refinement
Definition of Done and Product Backlog refinement
 

Viewers also liked

An Introduction to PC-Lint
An Introduction to PC-LintAn Introduction to PC-Lint
An Introduction to PC-LintRalf Holly
 
CppCheck - Static code analysis tool
CppCheck - Static code analysis toolCppCheck - Static code analysis tool
CppCheck - Static code analysis toolAvneet Kaur
 
Static Analysis and the FDA Guidance for Medical Device Software
Static Analysis and the FDA Guidance for Medical Device SoftwareStatic Analysis and the FDA Guidance for Medical Device Software
Static Analysis and the FDA Guidance for Medical Device SoftwareErika Barron
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLintLeander Hasty
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code AnalysisAnnyce Davis
 
The Art of Writing Efficient Software
The Art of Writing Efficient SoftwareThe Art of Writing Efficient Software
The Art of Writing Efficient SoftwareRalf Holly
 
Using gcov and lcov
Using gcov and lcovUsing gcov and lcov
Using gcov and lcovtest test
 
Prepare for PHP Test Fest 2009
Prepare for PHP Test Fest 2009Prepare for PHP Test Fest 2009
Prepare for PHP Test Fest 2009PHPBelgium
 
Александр Сомов "C++: препроцессор, компилятор, компоновщик"
Александр Сомов "C++: препроцессор, компилятор, компоновщик"Александр Сомов "C++: препроцессор, компилятор, компоновщик"
Александр Сомов "C++: препроцессор, компилятор, компоновщик"Yandex
 
Automation using RobotFramework for embedded device
Automation using RobotFramework for embedded deviceAutomation using RobotFramework for embedded device
Automation using RobotFramework for embedded deviceSrix Sriramkumar
 
Sonarqube 20160509
Sonarqube 20160509Sonarqube 20160509
Sonarqube 20160509영석 조
 
Code coverage & tools
Code coverage & toolsCode coverage & tools
Code coverage & toolsRajesh Kumar
 
SVN에서 GIT으로 전환하기
SVN에서 GIT으로 전환하기SVN에서 GIT으로 전환하기
SVN에서 GIT으로 전환하기재윤 정
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis toolscmGalaxy Inc
 

Viewers also liked (19)

An Introduction to PC-Lint
An Introduction to PC-LintAn Introduction to PC-Lint
An Introduction to PC-Lint
 
CppCheck - Static code analysis tool
CppCheck - Static code analysis toolCppCheck - Static code analysis tool
CppCheck - Static code analysis tool
 
Static Analysis and the FDA Guidance for Medical Device Software
Static Analysis and the FDA Guidance for Medical Device SoftwareStatic Analysis and the FDA Guidance for Medical Device Software
Static Analysis and the FDA Guidance for Medical Device Software
 
Static Code Analysis and AutoLint
Static Code Analysis and AutoLintStatic Code Analysis and AutoLint
Static Code Analysis and AutoLint
 
Static Code Analysis
Static Code AnalysisStatic Code Analysis
Static Code Analysis
 
The Art of Writing Efficient Software
The Art of Writing Efficient SoftwareThe Art of Writing Efficient Software
The Art of Writing Efficient Software
 
Using gcov and lcov
Using gcov and lcovUsing gcov and lcov
Using gcov and lcov
 
Prepare for PHP Test Fest 2009
Prepare for PHP Test Fest 2009Prepare for PHP Test Fest 2009
Prepare for PHP Test Fest 2009
 
Александр Сомов "C++: препроцессор, компилятор, компоновщик"
Александр Сомов "C++: препроцессор, компилятор, компоновщик"Александр Сомов "C++: препроцессор, компилятор, компоновщик"
Александр Сомов "C++: препроцессор, компилятор, компоновщик"
 
Frama c
Frama cFrama c
Frama c
 
Static code analysis
Static code analysisStatic code analysis
Static code analysis
 
Automation using RobotFramework for embedded device
Automation using RobotFramework for embedded deviceAutomation using RobotFramework for embedded device
Automation using RobotFramework for embedded device
 
Sonarqube 20160509
Sonarqube 20160509Sonarqube 20160509
Sonarqube 20160509
 
Code coverage & tools
Code coverage & toolsCode coverage & tools
Code coverage & tools
 
SVN에서 GIT으로 전환하기
SVN에서 GIT으로 전환하기SVN에서 GIT으로 전환하기
SVN에서 GIT으로 전환하기
 
Splints
SplintsSplints
Splints
 
Splint and tractions
Splint and tractionsSplint and tractions
Splint and tractions
 
Top 10 static code analysis tool
Top 10 static code analysis toolTop 10 static code analysis tool
Top 10 static code analysis tool
 
Splint ppt by rupeshkumar
Splint ppt by rupeshkumarSplint ppt by rupeshkumar
Splint ppt by rupeshkumar
 

Similar to Static Code Analysis Tools Comparison

Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016Codemotion
 
Improving code quality with Roslyn analyzers
Improving code quality with Roslyn analyzersImproving code quality with Roslyn analyzers
Improving code quality with Roslyn analyzersJim Wooley
 
CNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingCNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingSam Bowne
 
Embedded system
Embedded systemEmbedded system
Embedded systemsilpak19
 
Control hijacking
Control hijackingControl hijacking
Control hijackingG Prachi
 
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonAPI Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonTEST Huddle
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareLastline, Inc.
 
Reducing Redundancies in Multi-Revision Code Analysis
Reducing Redundancies in Multi-Revision Code AnalysisReducing Redundancies in Multi-Revision Code Analysis
Reducing Redundancies in Multi-Revision Code AnalysisSebastiano Panichella
 
How to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveHow to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveAmiq Consulting
 
Embedded c & working with avr studio
Embedded c & working with avr studioEmbedded c & working with avr studio
Embedded c & working with avr studioNitesh Singh
 
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...GangSeok Lee
 
C101 – Intro to Programming with C
C101 – Intro to Programming with CC101 – Intro to Programming with C
C101 – Intro to Programming with Cgpsoft_sk
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerAndrey Karpov
 
C Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer CentreC Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer Centrejatin batra
 
0-Slot14-15-16-Libraries.pdf
0-Slot14-15-16-Libraries.pdf0-Slot14-15-16-Libraries.pdf
0-Slot14-15-16-Libraries.pdfssusere19c741
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017Andrey Karpov
 
Week1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC BeginWeek1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC Begin敬倫 林
 

Similar to Static Code Analysis Tools Comparison (20)

Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error prediction
 
CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019CodeChecker Overview Nov 2019
CodeChecker Overview Nov 2019
 
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
Why Rust? - Matthias Endler - Codemotion Amsterdam 2016
 
Improving code quality with Roslyn analyzers
Improving code quality with Roslyn analyzersImproving code quality with Roslyn analyzers
Improving code quality with Roslyn analyzers
 
CNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code AuditingCNIT 127: Ch 18: Source Code Auditing
CNIT 127: Ch 18: Source Code Auditing
 
Embedded system
Embedded systemEmbedded system
Embedded system
 
Control hijacking
Control hijackingControl hijacking
Control hijacking
 
API Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj RollisonAPI Testing: The heart of functional testing" with Bj Rollison
API Testing: The heart of functional testing" with Bj Rollison
 
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in FirmwareUsing Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
 
Reducing Redundancies in Multi-Revision Code Analysis
Reducing Redundancies in Multi-Revision Code AnalysisReducing Redundancies in Multi-Revision Code Analysis
Reducing Redundancies in Multi-Revision Code Analysis
 
How to Connect SystemVerilog with Octave
How to Connect SystemVerilog with OctaveHow to Connect SystemVerilog with Octave
How to Connect SystemVerilog with Octave
 
Embedded c & working with avr studio
Embedded c & working with avr studioEmbedded c & working with avr studio
Embedded c & working with avr studio
 
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
[2011 CodeEngn Conference 05] Deok9 - DBI(Dynamic Binary Instrumentation)를 이용...
 
report
reportreport
report
 
C101 – Intro to Programming with C
C101 – Intro to Programming with CC101 – Intro to Programming with C
C101 – Intro to Programming with C
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
C Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer CentreC Programming Training in Ambala ! Batra Computer Centre
C Programming Training in Ambala ! Batra Computer Centre
 
0-Slot14-15-16-Libraries.pdf
0-Slot14-15-16-Libraries.pdf0-Slot14-15-16-Libraries.pdf
0-Slot14-15-16-Libraries.pdf
 
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
PVS-Studio. Static code analyzer. Windows/Linux, C/C++/C#. 2017
 
Week1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC BeginWeek1 Electronic System-level ESL Design and SystemC Begin
Week1 Electronic System-level ESL Design and SystemC Begin
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Static Code Analysis Tools Comparison

  • 1.
  • 2. Static Code Analysis  Survey of Tools  Cppcheck
  • 3. Goal: Provide confidence that code is correct just by looking at it (without building or executing it).  Helps us find easy bugs buried in thousands of lines of code (not something people are great at).
  • 4. Formal Methods  Code Metrics  Reviews and Inspection
  • 5. Formal Methods: ◦ Mathematical! ◦ Require a mathematical model and assertions! ◦ Often require modeling the system as a finite state machine and verifying each state and transition.  Code Metrics  Reviews and Inspection
  • 6. Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics  Reviews and Inspection
  • 7. Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: • Identify areas where bugs are likely. • Based on measures of code complexity rooted in graph theory (e.g. Cyclomatic complexity).  Reviews and Inspection
  • 8. Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection
  • 9. Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection • Just look at the code and try to find suspicious patterns. • Basically what we do when performing code reviews.
  • 10. Formal Methods: Too difficult! Static analysis is supposed to save time.  Code Metrics: Good, but doesn’t directly identify defects.  Reviews and Inspection Works pretty well!
  • 11. Static Code Analysis  Survey of Tools  Cppcheck
  • 12. Three Popular Commercial Tools: ◦ PC-Lint ◦ Klocwork Insight ◦ Coverity Prevent  One Free Software Tool: ◦ Cppcheck
  • 13. PC-Lint ◦ Commercial ◦ Works for C code ◦ Often reports many false positives. ◦ Probably the cheapest after Cppcheck (which is free)  Klocwork Insight  Coverity Prevent  Cppcheck
  • 14. PC-Lint  Klocwork Insight ◦ Commercial ◦ A spin-out of Nortel Networks ◦ Also includes project management and project visualization capabilities.  Coverity Prevent  Cppcheck
  • 15. PC-Lint  Klocworks Insight  Coverity Prevent ◦ Commercial ◦ Identified over 6000 bugs across 53 open-source projects. ◦ Developed from research at Stanford University.  Cppcheck
  • 16. PC-Lint  Klocworks Insight  Coverity Prevent  Cppcheck ◦ Open source ◦ Under active development. ◦ Has found > 400 bugs in open-source projects. ◦ Free!
  • 17. Static Code Analysis  Survey of Tools  Cppcheck
  • 18. Detects bugs in C and C++ source that compilers normally do not warn about!  Cross-platform (Windows, Linux, etc)  Fancy Qt-based GUI client! ◦ Also available in a command-line version  Usable via plugins from various IDEs (but not VS): ◦ Eclipse ◦ Code::Blocks ◦ Hudson, Jenkins
  • 19. Packages maintained for FreeBSD, Debian and Ubuntu systems (sudo apt-get install cppcheck)  Used to find bugs in many open-source projects: ◦ Linux Kernel: > 40 bugs found+fixed ◦ VLC Player: > 20 bugs found+fixed ◦ Others: 7-zip, curl, git, etc
  • 20. Bounds checking for array overruns  Memory and resource leaks  Unused private class functions  Use of deprecated functions  Wrong # of arguments given to printf or scanf  Switch cases that fall through suspiciously  Dozens of others…
  • 21.
  • 22. Possible buffer overrun Memory leak: buf Should be “delete[] buf” Resource leak: file
  • 23. Cppcheck finds many of the issues with that code (but not all)
  • 24.
  • 25. Buffer overrun Suspicious format specifier for a pointer to a C string (but not necessary a bug)
  • 26. Bounds checking for array overruns  Unused private class functions  Use of deprecated functions  Memory and resource leaks  Dozens of others…
  • 27. Preprocessor Source File Tokenizer Simplifier Results Checks Happy Developer
  • 28. void foo(char* str) { if (str == 0) printf(str); else printf("Whoa"); } Tokenizer Simplifier void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }
  • 29. void foo(char* str) { if (str == 0) printf(str); else printf("Whoa"); } Indentation, spacing, NULL-checks and braces are normalized Tokenizer to simplify checks! Simplifier void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } }
  • 30. void foo ( char * str ) { if ( ! str ) { printf ( str ) ; } else { printf ( "Whoa" ) ; } } Results Checks  Each check iterates over the tokens, and reports if it finds a suspicious pattern!  Checks implemented as C functions or XML documents that describe the pattern to look for.  Results categorized as error, warning, style, performance, portability, or informative.
  • 31.  Cppcheck is a free tool for finding bugs in C++ source code.  It works by parsing the source code, splitting it into tokens and finding suspicious patterns in the tokens.
  • 32.  Official project page: ◦ http://cppcheck.sourceforge.net/  Official source repository: ◦ https://github.com/danmar/cppc heck