Analysis Tool List

For all commercial tools listed, either there is a free trial version or academic version available, or we have a CMU license for this class.  For the tools that have been evaluated in the past, a link to the students report is given.

Tool Name	Platform	Commercial/ Research	Comments
Klocwork	C/C++/Java	C	Commercial analysis tool that can find null dereferences, buffer over/underruns, memory errors, format string vulnerabilities, etc. A free demo of Klocwork Solo is available.
Fluid/SureLogic JSure	Java	C	Commercial analysis tool that finds concurrency problems using static and dynamic analysis. This is the tool that was described in class. The instructor can get you a tool license.
Microsoft Pex	.NET languages	C/R	High-quality research tool released by Microsoft; aids in testing and test generation.
Parasoft	C/C++/Java/.NET	C	Commercial test generation tool.  Also checks "coding rules."
Checkmarx	Java/.NET/PHP/C/C++/VB/Ruby/JavaScript/Perl	C	Static analysis, focused on security
Eclat	Java	R	Automatically generates test inputs for a Java program chen-eclat-05.pdf serendipity-eclat-06.pdf
Purify	C, C++, Java	C	Detects memory errors in C/C++ programs at runtime, or debugs garbage-collection related problems in Java jinheec-Purify-2008.pdf hong-purify-07.pdf pathfinder-purify-06.pdf hagen-purify-05.pdf gbajabiamila-purify-05.pdf zhao-purify-02.pdf
Java PathFinder	Java	R	Model checker for Java programs, finds protocol-related errors dickey-pathfinder-05.pdf
Zing	C#	R	Model checker for C# programs, finds protocol-related errors
FindBugs	Java	R	Collection of unsound bug detectors for Java. NASH-FindBugs-2009.pdf Pidgin-FindBugs-2009.pdf Sandcastle-FindBugs-2009.pdf square-root-FindBugs-2009.pdf gchoi-Findbugs-2008.pdf choi-findbugs-07.pdf simulacrum-findbugs-06.pdf gim-findbugs-05.pdf
Daikon	C, Java	R	Tool for dynamically detecting likely invariants in Java and C/C++ programs. omparchitectability-daikon-06.pdf noh-daikon-05.pdf kim-daikon-02.pdf prakash-daikon-02.pdf
BOOP	C	R	Model checker for C programs, modeled after SLAM.
Reflexion Models	Java	R	A tool for reverse engineering programs keum-reflexion-05.pdf
Microsoft's Standard Annotation Language	.Net	C	Annotation-based static analysis for buffer overflows and other vulnerabilities. Part of Visual Studio 2005 team edition; the instructor has a trial copy available for your experimentation (contact the instructor).
Rigi	C	R	A tool for reverse engineering programs
PMD	Java	R	Finds design-related errors group2-PMD-2009.pdf mappers-PMD-2009.pdf theCruX-PMD-2009.pdf hsu-pmd-07.pdf
JLint	Java	R	Finds bugs in Java
Bandera	Java	R	Model checker for Java, finds protocol-related errors
Lackwit		R	Designed to aid reverse engineering or restructuring tasks
Splint (formerly LCLint)	C	R	Finds security vulnerabilities and coding mistakes
EclipsePro Audit and Test	Java	C	EclipsePro Audit - Finds style violations and other Java issues (e.g. rules from Effective Java book) EclipsePro Test - test generation and coverage tool Diversity-EclipseProAudit-2009.pdf davinci-eclipsepro-06.pdf
VeriSoft	C/C++ on Unix	R	Model checker for concurrent Unix programs
Lattix LDM	C/C++/Java	C	Supports dependency analysis through Design Structure Matrices rbansal-Lattix-2008.pdf overhead-lattix-06.pdf
FxCop	.Net	C	Checks coding style and guidelines with an eye towards performance sseela-FxCop-2008.pdf
DataFactory	Windows	C	Generates test data in a database rad-datafactory-06.pdf
JProfiler	Java	C	Performance evaluation tool, including memory usage and time profiling cho-jprofiler-06.pdf
Coverity	C, C++	C	Commercial analysis tool that can find null dereferences, buffer over/underruns, memory and concurrency errors, format string vulnerabilities, etc. Reports released by aGreement with Coverity. sramteke-Coverity-FindBugs-2008.pdf coverity-on-boss.pdf cure-coverity-06.pdf
Grammatech CodeSurfer/CodeSonar	C/C++	C	CodeSurfer - Sophisticated code browser that includes pointer analysis, call graphs, dependency chains, etc. CodeSonar - Analysis for null dereferences, div by zero, buffer over/underruns, memory errors, format string vulnerabilities, etc. garg-codesonar-07.pdf
Fortify	C/C++/Java	C	Commercial analysis tool focused on security vulnerabilities like buffer over/underruns, format string vulnerabilities, SQL injection attacks, etc. dsouza-fortify-07.pdf
Agitar	Java	C	Commercial test generation tool.  Also checks "coding rules."  tsuji-agitarone-07.pdf
Automated Test Designer	Java?	C	Automated test generation from requirements
Airac5	C	R	Static Analyzer for Automatic Detection of Buffer Overrun Errors in C Programs
Intel VTune performance analyzer	Windows/Linux	C	Profiling/performance analysis.  Educational license available from instructor.
Lackwit	C	R	Alias analysis for program understanding.
Predictable Assembly from Certifiable Code (PACC)	CCL architecture description language	R	Architectural behavior and performance analysis VdashNeg-PACC-2009.pdf

Past Implementation projects

• Exploring the design of a rule-based language and its semantics
• lee-language-05.pdf
  
• Using the bddbddb package to implement a taintedness analysis
• bierhoff-bddbddb-05.pdf
• JavaD: Bringing Ownership Domains to Mainstream Java
• Superceeded by ISR technical report CMU-ISRI-06-110.pdf (original class report)
• Java Safety Analysis Tool
• theoractice-jsat-06.pdf

Past Literature Surveys

• A survey of clone detection analysis tools
• latoza-clone-detection-05.pdf
• A Survey of Methods for Preventing Race Conditions
• beckman-races-06.pdf
• Evaluating Static Analysis Frameworks
• christopher-analysis-frameworks-06.pdf
  

Other analysis tools to check out:

• Microsoft tools
• Static Driver Verifier (formerly SLAM) - comes with driver development kit
  
• PREfast/PREsharp - part of Microsoft Visual Studio 2005
• Academic
• Cooperative Bug Isolation Project
• LOOP
• Cadar/Engler SPIN '05
• DART PLDI '05
• JCrasher / Check-n-crash
  
• See also spinroot.com