Anyone is welcome to constructively update this user-page with new information; However if you wish to delete it please email me first, and I will move it off-site.
This is a list of software tools that perform various kinds of Static code analysis, grouped by programming language and in alphabetical order:
- Axivion Bauhaus Suite - Architecture Visualization, Architecture Checking, Interface Analysis, Metrics, Clone Detection, Dominance Analysis, etc.
- LDRA Testbed
- PolySpace Verifier
- SofCheck Inspector for Ada Static Error Detection of Ada 83 & 95 with 100% path and control flow coverage
- SPARK programming language
- RapiTime WCET Analyzer
- Telelogic Logiscope RuleChecker (coding standards checking) and Audit (metrics measurement and ISO 9126-based quality modeling).
- Understand for AdaIDE with reverse engineering, automatic documentation, code navigation and understanding, metrics, maintenance and cross reference.
- Understand for Delphi reverse engineering, code navigation, and metrics tool
- Axivion Bauhaus Suite
- AQtime
- BLAST
- Cantata
- CCured (BSD, partly dynamic)
- Cleanscape lints for C++ and for C
- CMT++
- CodeSonar based on work by Reps et al at the University of Wisconsin.
- CodeWizard
- Coverity See the MC Checker for background.
- Cqual
- CScout Source code analyzer and refactoring browser for collections of C programs; handles the preprocessor constructs.
- C++test
- Flawfinder (GPL) Contains a good list of other security-based static checking tools.
- Ounce, which is a security-focused source code analysis tool.
- Fortify Software See Fortify Source Code Analysis
- GCC Introspector (GPL) C, but is expanding to include perl, bison, m4, bash, c#, java, c++, fortran, objective-c, lisp and scheme.
- Gimpel Software FlexeLint and PC-Lint
- HP Code Advisor Identifies potential coding errors, porting issues, and security vulnerabilities.
- ITS4 Scans source code for potentially dangerous function calls.
- LDRA Testbed
- Klocwork
- Lattix LDM - Architecture Management using Dependency Analysis
- MOPS (BSD style license)
- OpenC++
- OSPC
- PMD's Copy/Paste Detector
- PolySpace
- PREfast Part of DDK, for driver development, see VS2005 for user-land.
- QAC, QAC-MISRA, QAC++ Coding style, metrics, dataflow, good enforcing of MISRA standards.
- Resource Standard Metrics
- Rough Auditing Tool for Security
- Smatch C source checker, used mainly for Linux kernel code.
- Sotograph
- Sparse (GPL)
- Stacktool
- Splint (GPL)
- Surveyor C/C++, Java, COBOL, VB/VB.NET, Tcl, ASP, others.
- Telelogic Logiscope RuleChecker (coding standards checking) and Audit (metrics measurement and ISO 9126-based quality modeling).
- Visual Studio 2005 Team Edition only.
- RapiTime WCET Analyzer
- Understand for C/C++ ANSI C, C++ and K&R C reverse source engineering, code navigation, and metrics tool.
- AQtime
- .TEST
- Resource Standard Metrics Configurable Static Source Code Metrics and Analysis Tool from M Squared Technologies, Online-Documentation
- Fortify Software See Fortify Source Code Analysis
- FxCop
- Lattix LDM - Architecture Management using Dependency Analysis
- LDRA Testbed
- NDepend - Architecture Management (Dependencies, Metrics, Build comparison)
- Source Monitor - Simple analytical tool displaying metrics such as complexity, depth, lines/method, methods/class among others. Nice use of Kiviat graph. (C#, VB, C++, among others)
- Sotograph - Architecture and quality in-depth analysis and monitoring
- Visual Studio - Visual Studio 2005 Team Suite or Team Edition for Software Developers only, has integrated FxCop and PREFast functionality.
- DevMetrics and DevAdvantage (Now open source)
- Compuware DevPartner Studio
- FortranLint
- FTNCHEK
- Understand for FORTRAN FORTRAN 77, 90, 95 reverse source engineering, metrics and cross reference tool
- Agitator Dashboard
- AntiC
- Axivion Bauhaus Suite - Architecture Visualization, Architecture Checking, Interface Analysis, Metrics, Clone Detection, Dominance Analysis, etc.
- Checkstyle
- CMTJava - Complexity Measures Tool for Java
- ESC/Java - Extended Static Checking for Java
- ESC/Java2
- FindBugs-Find Bugs in Java Programs
- Fortify Software See Fortify Source Code Analysis
- Hammurapi
- JDepend
- Oracle JDeveloper - Code auditing framework and code metrics
- Jlint
- Jtest
- Kaveri (Indus) - Program Comprehension/Slicing Tool (Library) for Java
- Klocwork
- Lattix LDM - Architecture Management using Dependency Analysis
- Lint4j Static source code analysis with plugins for Maven, Ant and Eclipse
- PMD
- QAJ
- Refactorit
- Resource Standard Metrics Configurable Static Source Code Metrics and Analysis Tool from M Squared Technologies, Online-Documentation
- SofCheck Inspector for Java Static Error Detection of Java byte code with 100% path coverage
- SonarJ Light weight management of architecture and technical quality for Java projects
- Sotograph - Architecture and quality in-depth analysis and monitoring
- Spoon - Spoon is a Java program processor that fully supports Java 5
- STAN - Eclipse integrated structure analysis for Java. Visualize design, understand code, measure quality, generate reports.
- Structure101 - Structural dependency analysis. Rate & analyze the quality of your software architecture.
- Surveyor - Java and many other languages
- Telelogic Logiscope RuleChecker (coding standards checking) and Audit (metrics measurement and ISO 9126-based quality modeling).
- TorqueWrench
- UCDetector - Unnecessary Code Detector, eclipse PlugIn to find unnecessary (dead) public java code
- Understand for Java reverse source engineering, code navigation, and metrics
- WALA T. J. Watson Libraries for Analysis
- JSLint - An online tool which you can also download and run from command line
- Javascript Lint - A lint like tool for javascript written in C/C++ and based on JavaScript engine for the Firefox browser.
- JavaScript Reporter - A static JavaScript analyzer/verifier.
- JSure javascript checker - A static JavaScript analyzer/verifier.
- Understand for JOVIAL reverse engineering, metrics, and cross referencing tool
- PHP executes a built-in basic Lint check when invoked with the -l switch. Example usage:
for i in `find . -name \*.php`; do php -l $i | grep -v "No syntax errors"; done - Copy/Paste Detector
- Zend Studio IDE includes static code analysis for PHP, called the "Code Analyzer".
- ocProducts code quality checker
- Armorize CodeSecure - The first security appliance for PHP source code scanning with traceback support and Web 2.0 interface.
- PHPLint - a validator and documentator for PHP 4 and PHP 5 programs
- lint_php: PHP cyclomatic complexity - provides McCabe-like cyclomatic complexity free online analysis for PHP code (the tool is written in PHP, as well, and can be downloaded for offline use).
- Spyglass by Atrenta
- RTL Analysis by Blue Pearl Software
- Hal by Cadence
- Leda by Synopsys
- Aivosto Project Analyzer finds dead code and programming problems. It will also tell you which modules call which, and provide Cyclomatic complexity metrics.
- AQtime
- Axivion Bauhaus Suite - Clone Detection
- Compuware DevPartner Studio
- Resource Standard Metrics Configurable Static Source Code Metrics and Analysis Tool from M Squared Technologies, Online-Documentation
- Fortify Software See Fortify Source Code Analysis
- FxCop
- Lattix LDM - Architecture Management using Dependency Analysis
- Sotograph - Architecture and quality in-depth analysis and monitoring
- Visual Studio - Visual Studio 2005 Team Suite or Team Edition for Software Developers only, has integrated FxCop and PREFast functionality.
- DevMetrics and DevAdvantage (Now open source)
- Compuware DevPartner Studio
Not language-specific
- PAG and PAG/WWW - The Program Analyzer Generator, not for a specific language, but for building analyzers.
- StackAnalyzer - Stack Usage Analysis.
- CodeHawk™
Unknown language
- Broadway
- SLAM
- BOON
- Kaylo
External links
- software Introspector Wikibook lists more software programs of this type.