Overview of tools that qualify to find control flow and data flow issues.
Over the last couple of years, a new generation of static code checkers has been emerging. These new code checkers are capable of finding a new type of defect based on control flow and data flow analysis. Errors such as buffer overflows, memory leaks and null pointer dereferences can now be detected without actually running the code.
Due to this recent revolution, the market of static code analysis for C and C++ is changing rapidly. Existing suppliers of code checkers are forced to add data flow and control flow capabilities to their tools as well. As a result, it has become quite hard for potential users of these tools to select the right tool for the job.
This survey compares available static code checkers that are capable of doing control flow and data flow analysis. The research will be done incrementally, revealing new data as it becomes available. Feedback and customer experiences are welcome and will be integrated in the results.
The following steps will be taken. First, a selection of tools is made. After that, the requirements, including their weighting, will be determined. Finally, the requested data will be collected. Part of the survey will be to set up a test suite for comparison.
In order to qualify, the following requirements must be met:
The tools that currently qualify are:
The following requirements are assessed:
The 3 most frequently downloaded SourceForge open source C/C++ projects will be used as the test suite. These are:
Let us know at info@tiobe.com whether there are other requirements that are important.