Comparison of Static Code Checking Tools
Version: 0.4, Author: Paul Jansen
Over the last couple of years a new generation of static code checkers has emerged. These checkers find a new class of defects by means of control flow and data flow analysis: errors such as buffer overflows, memory leaks and null pointer dereferences can now be detected without actually running the code.
Due to this recent revolution, the market for static code analysis of C and C++ is changing rapidly. Existing suppliers of code checkers are forced to add data flow and control flow capabilities to their tools as well. As a result, it has become quite hard for potential users of these tools to select the right tool for the job.
This survey compares the available static code checkers that are capable of control flow and data flow analysis. The research is done incrementally, and new data is published as it becomes available. Feedback and customer experiences are welcome and will be integrated in the results.
The following steps are taken. First, a selection of tools is made. After that, the requirements and their weighting are determined. Finally, the requested data is collected. Part of the survey is setting up a test suite for the comparison.
Tools that Qualify
In order to qualify, a tool must meet the following requirements:
- C and/or C++ support
- Being able to detect control flow and/or data flow defects without running code
The tools that currently qualify are:
- C++test/BugDetective (Parasoft)
- Clang (Open Source)
- CodeSonar (GrammaTech)
- Coverity (Synopsys)
- CppCheck (Open Source)
- Fortify (HP)
- Klocwork (Rogue Wave)
- PolySpace Bugfinder (MathWorks)
The following requirements are assessed:
- Ease of installation. How long does it take to get first results?
- Ease of use. How much time does it cost to understand the results? How much time does it cost to change the configuration? Is there any support to suppress individual violations? Are there any plugins available for programming IDEs?
- Performance. How long did it take to process the TIOBE test suite?
- Accuracy of results. How many false positives are found in the TIOBE test suite? How many false negatives? Is the available rule set complete enough?
- Interfacing. Is it possible to run in batch mode? And if so, how easy is it to export data to another program?
- Price. What pricing model is used and what are the license costs?
- Support. How long does it take to get support and what is the quality of the answers?
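To make concrete what "detecting a null pointer dereference without running the code" means, and where the false positives asked about under "Accuracy of results" come from, here is an added toy may-be-NULL data-flow analysis; it is not from this survey or from any of the listed tools, and its IR, CFG and the C fragment it mirrors are all constructed. The report on line 5 is a false positive: the analysis merges facts at the join and loses the correlation on `c`, which is exactly the kind of imprecision the accuracy criterion measures and that the path-sensitive tools in this survey try to avoid.

```python
# Toy forward "may-be-NULL" data-flow analysis over a small control-flow graph.
# Constructed illustration, not code from the survey or from any listed tool.
# Toy IR: ("alloc", v) v = malloc(), may be NULL; ("null", v) v = NULL;
#         ("nonnull", v) v known non-NULL here (v = &x, true edge of if (v));
#         ("deref", v, line) *v, reported when v may be NULL.

def transfer(stmt, may_null):
    """Fact set after one statement: which variables may still be NULL."""
    out = set(may_null)
    if stmt[0] in ("alloc", "null"):
        out.add(stmt[1])
    elif stmt[0] == "nonnull":
        out.discard(stmt[1])
    return out

def analyze(blocks, edges, entry):
    """Worklist fixed point over the CFG; returns sorted (block, var, line)
    reports. Facts only grow, so it terminates; the program is never run."""
    in_facts = {b: set() for b in blocks}
    worklist, reports = [entry], set()
    while worklist:
        b = worklist.pop()
        facts = set(in_facts[b])
        for stmt in blocks[b]:
            if stmt[0] == "deref" and stmt[1] in facts:
                reports.add((b, stmt[1], stmt[2]))
            facts = transfer(stmt, facts)
        for succ in edges.get(b, []):
            if not facts <= in_facts[succ]:   # new facts reach succ: revisit it
                in_facts[succ] |= facts
                worklist.append(succ)
    return sorted(reports)

def sample_cfg():
    """Constructed CFG for this C fragment (line numbers as in the reports):
      1  p = malloc(n);  p->len = n;   /* B0: used before the NULL check  */
      2  if (p == NULL) return -1;     /* B1: error exit; B2: p non-NULL  */
      3  q = NULL;  if (c) q = &x;     /* B4: q = &x  /  B5: q stays NULL */
      4  /* B6: join; the analysis no longer knows which way c went */
      5  if (c) *q = 1;                /* B7: only reached when c is true */
    """
    blocks = {"B0": [("alloc", "p"), ("deref", "p", 1)], "B1": [],
              "B2": [("nonnull", "p"), ("null", "q")], "B4": [("nonnull", "q")],
              "B5": [], "B6": [], "B7": [("deref", "q", 5)], "B8": []}
    edges = {"B0": ["B1", "B2"], "B2": ["B4", "B5"], "B4": ["B6"],
             "B5": ["B6"], "B6": ["B7", "B8"]}
    return blocks, edges, "B0"
```

`analyze(*sample_cfg())` returns `[('B0', 'p', 1), ('B7', 'q', 5)]`: the first is a real use-before-check, the second is the join-induced false positive.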
C/C++ Test Suite
The 3 most frequently downloaded SourceForge open source C/C++ projects will be used as the test suite. These are:
- Apache HTTP Server
Let us know whether there are other requirements that are important. In the next edition we will publish the “Ease of installation” results of the various tools.