| tool and home page |
implemented in |
analyzes |
analysis type |
documentation? |
notes |
example projects |
|
CCured
|
OCaml using CIL |
C |
enforces type-safe execution |
good enough |
|
|
| CIL |
OCaml |
ANSI C, gcc, Microsoft C |
typechecking, provides infrastructure for other analyses |
good enough |
|
|
| cXprop |
OCaml using CIL |
C |
context and path insensitive dataflow with pluggable domains,
pretty good pointer analysis, and concurrency analysis specific
to interrupt-driven software |
no, but Nathan is the local expert |
|
-
support the octagon
transfer functions
-
support propagation, folding, etc. for floating point values
-
implement signed interval domain, including backwards operations
-
implement a sparse dataflow representation
|
|
gcc
|
C |
C, C++, Java |
optimizing compiler |
minimal
|
getting started will be relatively painful |
|
|
Jikes RVM
|
Java |
Java bytecode |
not a static analyzer; performs analysis while
JITing |
?? |
|
|
|
LLVM
|
C++
|
C, C++
|
optimizing compiler
|
good |
|
|
|
Locksmith
|
OCaml using CIL |
C with pthreads |
context sensitive lockset |
minimal |
|
see doc/notes.txt in the source distribution |
|
ProGuard
|
Java
|
Java bytecode |
optimizing compiler and obfuscator |
?? |
|
add intervals or another abstract domain that is more interesting
than constants
|
|
Saturn
|
OCaml using CIL, analysis are written in CLP |
C |
path, flow, and context sensitive summary-based analysis |
good |
|
|
|
Soot
|
Java |
Java bytecode |
optimizing compiler |
?? |
|
|
|
Sparse
|
C |
C |
typechecking, random bugfinding |
no |
|
|
|
valgrind
|
C |
x86 and PPC object code |
not a static analyzer; performs analysis while
JITing |
?? |
|
|