Static code analysis tools


Static code analysis tools are intended to detect defects in program source code. As the name suggests, they are built on static code analysis technology.

There are a huge number of static analysis tools for different programming languages. A large list of these tools can be found on Wikipedia: List of tools for static code analysis.

Our company develops the PVS-Studio code analyzer intended for analysis of C/C++ code. For this reason we'll touch upon some of the most popular C/C++ code analyzers which are our competitors.

  • Coverity. It is considered to be one of the best static code analyzers on the market. Prices are high and are disclosed only on an individual basis. The company maintains a program of free analysis for open-source applications. Related links: website, Wikipedia page.
  • Cppcheck. A very popular free open-source project. Its developers state the ambition of achieving 100% elimination of false positives. However, the tool is based on the concept of using regular expressions in analysis, which appears to be a significant factor preventing them from reaching that goal. Because of this, the tool is also incapable of performing many diagnostics (see the article "Static analysis and regular expressions"). If the situation has changed, please correct me. Related links: website, Wikipedia page, comparison to PVS-Studio, description.
  • Clang. A C/C++/Objective-C compiler with a powerful integrated static code analyzer. Many other compilers, however, have their own good integrated code analyzers too. For instance, Visual Studio 2012 supports static analysis for Visual C++ projects (the /analyze compiler switch). The reason why Clang is so popular is that its code is open and you may write your own extensions for it. Related links: website, Wikipedia page, checking Clang with PVS-Studio.
  • Frama-C. A C code analyzer. Related links: website, Wikipedia page.
  • Goanna. A C/C++ code analyzer. Related links: website, Wikipedia page.
  • Klocwork Insight. One of the leaders of the static code analyzer market. As with Coverity and other tools, we cannot compare our tool to this one because they refuse to give us trial licenses. Related links: website, Wikipedia page.
  • Lint. We mention it here because it is historically significant. This tool can be called the first static analyzer for the C language. The names of many contemporary analyzers are derived from the word "lint" (cpplint, PC-Lint, Splint, JSLint, Rpmlint, Puppet Lint, Pylint). See the Wikipedia article to learn more about the tool.
  • Parasoft C/C++test. A widely known and popular code analyzer. Related links: website, Wikipedia page.
  • PC-Lint. A pretty flexible static analysis tool. The price of this flexibility is a large number of settings that must be specified in configuration files. Related links: website, Wikipedia page.
  • PVS-Studio. The code analyzer developed by our company. Related links: product page, examples of errors detected by the analyzer.
