Comparison of Static Code Analysis Tools

Cited by: 11
Authors
Mantere, Matti [1]
Uusitalo, Ilkka [1]
Roning, Juha [2]
Affiliations
[1] VTT Tech Res Ctr Finland, Kaitovayla 1, Oulu, Finland
[2] Univ Oulu, OUSPG Oulu Univ Secure Programming Grp, Oulu, Finland
DOI
10.1109/SECURWARE.2009.10
Chinese Library Classification (CLC) number
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.
Pages: 15 / +
Page count: 2
Related papers
50 in total
  • [11] A Comparison of Open-Source Static Analysis Tools for Vulnerability Detection in C/C++ Code
    Arusoaie, Andrei
    Ciobaca, Stefan
    Craciun, Vlad
    Gavrilut, Dragos
    Lucanu, Dorel
    [J]. 2017 19TH INTERNATIONAL SYMPOSIUM ON SYMBOLIC AND NUMERIC ALGORITHMS FOR SCIENTIFIC COMPUTING (SYNASC 2017), 2017, : 161 - 168
  • [12] Identifying Security Relevant Warnings from Static Code Analysis Tools through Code Tainting
    Baca, Dejan
    [J]. FIFTH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY, AND SECURITY: ARES 2010, PROCEEDINGS, 2010, : 386 - 390
  • [13] Comparison of static analysis tools for finding concurrency bugs
    Manzoor, Numan
    Munir, Hussan
    Moayyed, Misagh
    [J]. 23RD IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSRE 2012), 2012, : 129 - 133
  • [14] Comparison of static analysis tools for finding concurrency bugs
    Manzoor, Numan
    Munir, Hussan
    Moayyed, Misagh
    [J]. Proceedings - 23rd IEEE International Symposium on Software Reliability Engineering Workshops, ISSREW 2012, 2012, : 129 - 133
  • [15] Use of SQALE and tools for analysis and identification of code technical debt through static analysis
    Guaman, Daniel
    Alejandro Quezada-Sarmiento, Pablo
    Barba-Guaman, Luis
    Enciso, Liliana
    [J]. 2017 12TH IBERIAN CONFERENCE ON INFORMATION SYSTEMS AND TECHNOLOGIES (CISTI), 2017,
  • [16] Analyzing False Positive Source Code Vulnerabilities Using Static Analysis Tools
    Cheirdari, Foteini
    Karabatis, George
    [J]. 2018 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2018, : 4782 - 4788
  • [17] Static analysis of source code security: Assessment of tools against SAMATE tests
    Diaz, Gabriel
    Ramon Bermejo, Juan
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2013, 55 (08) : 1462 - 1476
  • [18] Evaluating How Static Analysis Tools Can Reduce Code Review Effort
    Singh, Devarshi
    Sekar, Varun Ramachandra
    Stolee, Kathryn T.
    Johnson, Brittany
    [J]. 2017 IEEE SYMPOSIUM ON VISUAL LANGUAGES AND HUMAN-CENTRIC COMPUTING (VL/HCC), 2017, : 101 - 105
  • [19] Identifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools
    Reynolds, Zachary P.
    Jayanth, Abhinandan B.
    Koc, Ugur
    Porter, Adam A.
    Raje, Rajeev R.
    Hill, James H.
    [J]. 2017 IEEE/ACM 4TH INTERNATIONAL WORKSHOP ON SOFTWARE ENGINEERING RESEARCH AND INDUSTRIAL PRACTICE (SER&IP 2017), 2017, : 55 - 61
  • [20] Using Software Engineering Metrics to Evaluate the Quality of Static Code Analysis Tools
    Alikhashashneh, Enas A.
    Raje, Rajeev R.
    Hill, James H.
    [J]. 2018 1ST INTERNATIONAL CONFERENCE ON DATA INTELLIGENCE AND SECURITY (ICDIS 2018), 2018, : 65 - 72