What static analysis tools are available for C

Question

What tools are there available for static analysis against C  code  I know about FxCop and StyleCop  Are there others  I ve run across NStatic before but it s been in development for what seems like forever - it s looking pretty slick from what little I ve seen of it  so it would be nice if it would ever see the light of day    Along these same lines  this is primarily my interest for static analysis   tools for testing code for multithreading issues  deadlocks  race conditions  etc   also seem a bit scarce  Typemock Racer just popped up so I ll be looking at that  Anything beyond this   Real-life opinions about tools you ve used are appreciated

User · Answer

Klocwork has a static analysis tool for C   http   www klocwork com

User · Answer

Aside from the excellent list by madgnome  I would add a duplicate code detector that is based off the command line  but is free    http   sourceforge net projects duplo

User · Answer

Code violation detection Tools   Fxcop  excellent tool by Microsoft  Check compliance with  net framework guidelines  Edit October 2010  No longer available as a standalone download  It is now included in the Windows SDK and after installation can be found in Program Files Microsoft SDKs Windows   v7 1   Bin FXCop FxCopSetup exe Edit February 2018  This functionality has now been integrated into Visual Studio 2012 and later as Code Analysis  Clocksharp  based on code source analysis  to C  2 0   Mono Gendarme  similar to Fxcop but with an opensource licence  based on Mono Cecil   Smokey  similar to Fxcop and Gendarme  based on Mono Cecil  No longer on development  the main developer works with Gendarme team now   Coverity Prevent    for C   commercial product  PRQA QA  C   commercial product  PVS-Studio  commercial product  CAT NET  visual studio addin that helps identification of security flaws Edit November 2019  Link is dead   CodeIt Right  Spec   Pex  SonarQube  FOSS  amp  Commercial options to support writing cleaner and safer code    Quality Metric Tools   NDepend  great visual tool  Useful for code metrics  rules  diff  coupling and dependency studies  Nitriq  free  can easily write your own metrics constraints  nice visualizations  Edit February 2018  download links now dead  Edit June 17  2019  Links not dead  RSM Squared  based on code source analysis C  Metrics  using a full parse of C  SourceMonitor  an old tool that occasionally gets updates Code Metrics  a Reflector add-in Vil  old tool that doesn t support  NET 2 0  Edit January 2018  Link now dead  Checking Style Tools   StyleCop  Microsoft tool   run from inside of Visual Studio or integrated into an MSBuild project   Also available as an extension for Visual Studio 2015 and C 6 0 Agent Smith  code style validation plugin for ReSharper  Duplication Detection   Simian  based on source code  Works with plenty languages  CloneDR  detects parameterized clones only on language boundaries  also handles many languages other than C   Clone Detective a Visual Studio plugin   It uses ConQAT internally  Atomiq  based on source code  plenty of languages  cool  quot wheel quot  visualization  General Refactoring tools  ReSharper - Majorly cool C  code analysis and refactoring features

User · Answer

Gendarme is an open source rules based static analyzer  similar to FXCop  but finds a lot of different problems   Clone Detective is a nice plug-in for Visual Studio that finds duplicate code    Also speaking of Mono  I find the act of compiling with the Mono compiler  if your code is platform independent enough to do that  a goal you might want to strive for anyway  finds tons of unreferenced variables and other Warnings that Visual Studio completely misses  even with the warning level set to 4

User · Answer

The tool NDepend is quoted as Quality Metric Tools but it is pretty much also a Code violation detection tool  Disclaimer  I am one of the developers of the tool  With NDepend  one can write Code Rule over LINQ Queries  what we call CQLinq   More than 200 CQLinq code rules are proposed by default  The strength of CQLinq is that it is straightforward to write a code rule  and get immediately results  Facilities are proposed to browse matched code elements  For example     Beside that  NDepend comes with many others static analysis like features  These include    Smart Technical Debt Estimation Dependency Graph Dependency Matrix Code Diff capabilities NDepend API that lets write you own static analysis tool  With NDepend APi we even developed a tool to detect code duplicate  details in this blog post  An Original Algorithm to Find  NET Code Duplicate

User · Answer

Axivion Bauhaus Suite is a static analysis tool that works with C   as well as C  C   and Java    It provides the following capabilities    Software Architecture Visualization  inlcuding dependencies  Enforcement of architectural rules e g  layering  subsystems  calling rules Clone Detection - highlighting copy and pasted  and modified code  Dead Code Detection Cycle Detection Software Metrics Code Style Checks   These features can be run on a one-off basis or as part of a Continuous Integration process  Issues can be highlighted on a per project basis or per developer basis when the system is integrated with a source code control system

User · Answer

I find the Code Metrics and Dependency Structure Matrix add-ins for Reflector very useful

User · Answer

Optimyth Software has just launched a static analysis service in the cloud www checkinginthecloud com  Just securely upload your code run the analysis and get the results  No hassles   It supports several languages including C  more info can be found at wwww optimyth com

User · Answer

Have you seen CAT NET   From the blurb -     CAT NET is a binary code analysis tool   that helps identify common variants of   certain prevailing vulnerabilities   that can give rise to common attack   vectors such as Cross-Site Scripting    XSS   SQL Injection and XPath   Injection    I used an early beta and it did seem to turn up a few things worth looking at

[c#] What static analysis tools are available for C#?

Examples related to c#

Examples related to code-analysis

Examples related to static-analysis