[sllug-members] tools for source code analysis
Nelson H. F. Beebe
beebe at math.utah.edu
Wed Jul 1 14:53:44 MDT 2009

Thanks to a pointer in the Dr Dobbs editorial column in Information
Week magazine last week, I found useful Web sites maintained by NIST
(National Institute of Standards and Technology):

    https://buildsecurityin.us-cert.gov/
    http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html

The first discusses software security in general, and the second
contains an extensive list of tools for analyzing source code in
several programming languages, including C, C++, Java, Ada, PHP, C#,
Visual Basic, and so on. Some of them are commercial products, but
many are freely available. Since software bugs continue to plague the
industry, tools that can help find errors before users/customers do
are badly needed.

I am familiar with a few of the listed tools (flawfinder, its4, rats,
and splint), but there are many others to investigate. I tried uno,
and got it to build on GNU/Linux AMD64 and IA-64, and Sun Solaris
SPARC. It needs packaging work to clean up the build and installation
process, but seems to be workable. I then applied it to a large
software library that I'm writing, where the code has already been
subjected to many C and C++ compilers, and the other tools listed
above; to my surprise, uno turned up a few problems that were not
previously caught, and I have now fixed them.

The cca (C Code Analyzer) tool looked particularly interesting, but I
have been unable to build it successfully, or find a binary
installation package.

Reports on this list of user experience with other packages in the
NIST Web pages will be welcome.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------