
C - Static Analyzer Tools

// Static Analyzer
// ------------------------------------------------------------------------

// A static analyzer tool parses the source code and reports information
// about known programmer faults. With such tools you can find some critical
// and security bugs very easily. The analyzer checks the code against
// predefined rules and shows you many warnings and errors, including false
// positives. To avoid the false positive warning/error output the
// user can modify the rules.
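As an added illustration (not part of the original notes), here is the kind of finding these rule-based scanners produce: a C function that copies with strcpy(), which tools such as Flawfinder and RATS report as a possible buffer overflow, beside a bounded rewrite that the same rules accept, plus a call marked with Flawfinder's inline suppression comment for the false-positive case the paragraph mentions. The function names, the 16-byte NAME_MAX and the sample strings are assumptions made for this example.

```c
/* Added example, not from the original page: a pattern that source
 * scanners flag, next to a bounded rewrite. copy_unbounded, copy_bounded,
 * format_id and NAME_MAX are names chosen for this illustration. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Reported by the analyzer: strcpy() performs no length check, so any
 * source longer than NAME_MAX-1 bytes overruns 'dst'. Kept only to show
 * what the warning points at; do not use it for untrusted input. */
void copy_unbounded(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Accepted: copy at most NAME_MAX-1 bytes, always terminate, and return
 * the number of bytes that did not fit so the caller can detect truncation
 * instead of silently losing data. */
size_t copy_bounded(char dst[NAME_MAX], const char *src)
{
    size_t len = strlen(src);
    size_t n = len < NAME_MAX - 1 ? len : NAME_MAX - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len - n;
}

/* Scanners also report format functions writing into fixed-size buffers.
 * This call is bounded by NAME_MAX, so the hit is a false positive; the
 * trailing comment is Flawfinder's own syntax for suppressing a warning
 * on that line, which keeps the report free of known-safe noise. */
int format_id(char out[NAME_MAX], unsigned id)
{
    return snprintf(out, NAME_MAX, "id-%u", id); /* Flawfinder: ignore */
}

int main(void)
{
    char buf[NAME_MAX];

    copy_unbounded(buf, "short");            /* fits: no overflow here */
    printf("%s\n", buf);

    size_t dropped = copy_bounded(buf, "a-name-that-is-too-long");
    printf("%s (%zu bytes truncated)\n", buf, dropped);

    format_id(buf, 42);
    printf("%s\n", buf);
    return 0;
}
```

Run the scanner over this file and compare: the strcpy() line and the snprintf() line both match a rule, but only the first remains in the report after the suppression comment is honoured, which is the workflow the paragraph describes (tune the rules or annotate the code rather than ignore the whole report).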

// PC-lint for C/C++ from Gimpel Software (http://www.gimpel.com/)
//     - static analyzer with defined rules for the MISRA standard
//     - command line tool, easy to integrate into many IDEs
//       (e.g. MPLAB from Microchip)
//     - Win, DOS, OS/2
//     - *.lnt files for rule checker configuration
//       (e.g. co-picc.lnt for the hitex C compiler)
//     - usage: lint co-picc.lnt test.c

// Splint for C (http://splint.org/)
//     - static analyzer
//     - command line tool
//     - Win, source code available
//     - usage: splint test.c

// Flawfinder for C/C++ (http://www.dwheeler.com/flawfinder/)
//     - reports possible security weaknesses - "flaws"
//       (race conditions, access violations, buffer overflows, ...)
//     - Linux, source code available

// RATS
//     - Rough Auditing Tool for Security
//       (https://www.fortify.com/ssa-elements/threat-intelligence/rats.html)
//     - analyzes C, C++, Perl, PHP and Python source code for
//       security weaknesses (race conditions, access violations,
//       weak random, buffer overflows, ...)
//     - Win, source code available
//     - usage: rats --warning 1 --html test.c >output.html
//                   --warning 1 ... only major failures
//                   --warning 2 ... medium warning density
//                   --warning 3 ... show all failures
//                   --html      ... output formatted as HTML
//                   --xml       ... output formatted as XML

// other useful tools:
//     - BLAST - Berkeley Lazy Abstraction Software Verification Tool
//       (http://mtc.epfl.ch/software-tools/blast/index-epfl.php)
//     - PScan (http://deployingradius.com/pscan/)
//     - ITS4 (http://www.cigital.com/its4/)
//     - Frama-C (http://frama-c.com/)