Tools

FindBugs

  • Open source static bytecode analyzer for Java
  • By the University of Maryland

  • Finds bug patterns

    • Off-by-one
    • Null Pointer Dereference
    • Read() Return Should be Checked
    • Return Value Should be Checked
    • Uninitialized Read in Constructor

PMD

  • Source code analyzer
  • Supports Java, JavaScript, PL/SQL, etc.
  • Finds common programming flaws
    • Unused variables
    • Empty catch blocks
    • Unnecessary object creation

Google Error Prone

  • Focus on rules that produce very few false alarms
  • Easy to use

EvoSuite

  • Examines Java byte code and automatically generates JUnit tests
  • A practical form of Mutation Testing

Randoop

  • Generates random sequences of method calls looking for object contract violations
  • Discards method sequences that result in an illegal argument exception
  • Remembers method sequences that construct complex objects and sequences that result in object contract violations
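The three bullets above describe Randoop's feedback-directed loop: extend a remembered sequence by one call, run it, discard it if a precondition fails, keep it for reuse if it builds a valid object, and report it if an object contract breaks. The following is an added illustration written for these notes, not Randoop's own code; the BoundedStack class, its deliberate equals/hash bug, and the step tuples are all constructed here. Python's ValueError plays the role of IllegalArgumentException, and the two contracts checked are reflexive equality and "equal objects must hash alike".

```python
import random

# Constructed class under test. Deliberate contract bug: __eq__ ignores the
# capacity but __hash__ depends on it, so two equal stacks can hash differently.
class BoundedStack:
    def __init__(self, capacity):
        if capacity < 0:
            raise ValueError("capacity must be non-negative")  # precondition
        self.capacity = capacity
        self.items = []

    def push(self, x):
        if len(self.items) >= self.capacity:
            raise ValueError("stack is full")                 # precondition
        self.items.append(x)

    def pop(self):
        if not self.items:
            raise ValueError("stack is empty")                # precondition
        return self.items.pop()

    def __eq__(self, other):
        return isinstance(other, BoundedStack) and self.items == other.items

    def __hash__(self):
        return hash(self.capacity)  # bug: equal objects may hash differently


def execute(seq):
    """Run a sequence of steps from scratch and return the objects it created.
    Steps: ("new", capacity), ("push", obj_index, value), ("pop", obj_index)."""
    objs = []
    for step in seq:
        if step[0] == "new":
            objs.append(BoundedStack(step[1]))
        elif step[0] == "push":
            objs[step[1]].push(step[2])
        elif step[0] == "pop":
            objs[step[1]].pop()
    return objs


def contract_violations(objs):
    """Randoop-style object contracts over every object a sequence produced."""
    found = []
    for a in objs:
        if not a == a:
            found.append("equals not reflexive")
    for i, a in enumerate(objs):
        for b in objs[i + 1:]:
            if a == b and hash(a) != hash(b):
                found.append("equal objects with different hashes")
    return found


def randoop(steps=500, seed=0):
    """Feedback-directed random generation; returns error-revealing sequences."""
    rng = random.Random(seed)
    components = [[("new", c)] for c in (0, 1, 2)]  # seed sequences
    error_revealing = []
    for _ in range(steps):
        base = list(rng.choice(components))           # reuse a remembered sequence
        n = sum(1 for s in base if s[0] == "new")     # objects available as receivers
        choice = rng.choice(["new", "push", "pop"])
        if choice == "new":
            base.append(("new", rng.choice((-1, 0, 1, 2, 3))))
        elif choice == "push":
            base.append(("push", rng.randrange(n), rng.randint(0, 3)))
        else:
            base.append(("pop", rng.randrange(n)))
        try:
            objs = execute(base)
        except ValueError:
            continue          # precondition violation: discard, never extend
        except Exception as e:  # any other exception is itself a bug report
            error_revealing.append((base, repr(e)))
            continue
        violations = contract_violations(objs)
        if violations:
            error_revealing.append((base, violations))
        else:
            components.append(base)   # builds valid objects: remember for reuse
    return error_revealing


if __name__ == "__main__":
    for seq, why in randoop()[:3]:
        print(seq, why)
```

Every sequence in the result is a complete, replayable test: it starts from constructors, so a practitioner can turn it into a JUnit-style regression test directly, which is what Randoop emits for the sequences it reports.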

Java Path Finder (JPF)

  • By NASA
  • Acts like a special JVM that explores different thread interleavings looking for concurrency bugs
  • Explicit state software model checker
  • Can search for deadlocks and unhandled exceptions

Korat

  • By U of Illinois
  • Generates Java objects from a representation invariant specification that is written as a Java method
  • e.g. generates all non-isomorphic trees for the BinaryTree class using the repOk() method, then uses them to test other methods such as add()

Daikon

  • Recovers invariants from programs
  • It runs the program and examines the values it observes
    • Recovers formal specifications
    • Reveals bugs
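To make the "runs the program and examines values" bullet concrete, here is an added example written for these notes, not code from Daikon itself. It records variable values at a function's exit point over a constructed set of test inputs, checks a small grammar of candidate invariant templates against every sample, deletes each template the first time a sample falsifies it, and suppresses invariants implied by stronger ones that also hold, which is the shape of Daikon's inference. The program under test, the template set and the inputs are all constructed here.

```python
import itertools

# Constructed program under test: quotient and remainder by repeated subtraction.
# Its precondition (a >= 0, b > 0) is not written down anywhere; the aim is to
# recover it, and the postconditions, from observed runs.
def divmod_pos(a, b):
    q, r = 0, a
    while r >= b:
        r -= b
        q += 1
    return q, r

# Constructed test inputs (the "run" Daikon observes).
SAMPLE_INPUTS = [(7, 2), (10, 3), (0, 5), (9, 9), (15, 4), (1, 1), (3, 4)]


def trace(fn, inputs):
    """Play the role of Daikon's front end: execute the program and record the
    variable values at the function-exit program point of every call."""
    samples = []
    for a, b in inputs:
        q, r = fn(a, b)
        samples.append({"a": a, "b": b, "q": q, "r": r})
    return samples


# Candidate invariant templates (a tiny subset of Daikon's grammar).
UNARY = {
    "{x} > 0": lambda x: x > 0,
    "{x} >= 0": lambda x: x >= 0,
    "{x} != 0": lambda x: x != 0,
}
BINARY = {
    "{x} < {y}": lambda x, y: x < y,
    "{x} <= {y}": lambda x, y: x <= y,
    "{x} == {y}": lambda x, y: x == y,
}
# A stronger invariant that holds suppresses the weaker ones it implies.
IMPLIES = {
    "{x} > 0": ["{x} >= 0", "{x} != 0"],
    "{x} < {y}": ["{x} <= {y}"],
    "{x} == {y}": ["{x} <= {y}"],
}


def infer_invariants(samples):
    """Return the set of candidate invariants no sample falsified."""
    names = sorted(samples[0])
    held = set()
    for n in names:
        vals = [s[n] for s in samples]
        if len(set(vals)) == 1:                       # constant variable
            held.add((f"{{x}} == {vals[0]}", (n,)))
        for tmpl, pred in UNARY.items():
            if all(pred(v) for v in vals):
                held.add((tmpl, (n,)))
    for x, y in itertools.permutations(names, 2):
        for tmpl, pred in BINARY.items():
            if all(pred(s[x], s[y]) for s in samples):
                held.add((tmpl, (x, y)))
    for tmpl, vars_ in list(held):                    # implication suppression
        for weak in IMPLIES.get(tmpl, []):
            held.discard((weak, vars_))
    return {tmpl.format(x=vars_[0], y=vars_[-1]) for tmpl, vars_ in held}


if __name__ == "__main__":
    for inv in sorted(infer_invariants(trace(divmod_pos, SAMPLE_INPUTS))):
        print(inv)
```

The run recovers the precondition (a >= 0, b > 0) and the postconditions q <= a, r <= a and r < b. It also shows the caveat that matters when reading Daikon output: drop the last input, (3, 4), and the spurious invariant r <= q survives, because nothing in the remaining samples contradicts it. Inferred invariants are only as strong as the test suite that produced them.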

ESC/Java - Compaq

  • ESC/Java checks Java programs against specs written in JML

cppcheck

  • Bounds checking
  • Memory leaks
  • Division by zero
  • Null pointers
  • Obsolete functions
  • Uninitialized variables

Valgrind

  • Memcheck is a memory error detector for C and C++
    • Illegal read/write errors
    • Use of uninitialized values
    • Illegal frees
    • Overlapping source and destination blocks
    • Memory leak detection
  • Helgrind is a thread error detector (multi-threaded programming)

Flawfinder

  • Finds security bugs based on known patterns
    • Buffer overflow risks
    • Format string problems
    • Race conditions

Clang Static Analyzer

  • By U of Illinois
  • A C/C++ compiler front-end that includes a static analyzer
  • Checks for null pointers passed as arguments to a function whose arguments are marked with the 'nonnull' attribute
  • Memory leaks, division by zero, null pointer dereference etc.

American fuzzy lop

  • Security-oriented fuzzer
  • Employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the target binary

Sparse - Linux

  • A parser tool designed to find faults in the Linux console
    • User/kernel space
    • Null pointers

Splint - U. of Virginia

  • Lint - the original static code analyzer for C
  • Splint - a tool for statically checking C programs for security vulnerabilities and coding mistakes
    • An open source evolved version of Lint

IntelliTest (Pex)

  • Microsoft's white-box unit testing tool

KLEE

  • Uses symbolic execution
  • Document-Assisted Symbolic Execution (DASE)
    • Uses input constraints automatically extracted from documents to guide symbolic execution and test more effectively

Coverity Static Analyzer

  • Identifies bugs in C/C++, Java and C# codebases
  • Must beliefs & may beliefs
  • Aim for low false positives

GrammaTech CodeSonar

  • Static analysis tool for C, C++ and Java
  • Performs better in C/C++ than Java
  • Aims for low false negatives
