Comparison of static code analysis tools

Matti Mantere; Ilkka Uusitalo; Juha Röning

doi:10.1109/SECURWARE.2009.10

Comparison of static code analysis tools

Matti Mantere, Ilkka Uusitalo, Juha Röning

VTT Technical Research Centre of Finland

University of Oulu

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

13 Citations (Scopus)

Abstract

In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.

Original language	English
Title of host publication	2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009
Place of Publication	Piscataway
Publisher	IEEE Institute of Electrical and Electronic Engineers
Pages	15-22
ISBN (Print)	978-0-7695-3668-2
DOIs	https://doi.org/10.1109/SECURWARE.2009.10
Publication status	Published - 2009
MoE publication type	A4 Article in a conference publication

Publication series

Series	International Conference on Emerging Security Information, Systems and Technologies
Volume	3
ISSN	2162-2108

Keywords

Static code analysis
code auditing

Access to Document

10.1109/SECURWARE.2009.10

Cite this

Mantere, M., Uusitalo, I., & Röning, J. (2009). Comparison of static code analysis tools. In 2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009 (pp. 15-22). IEEE Institute of Electrical and Electronic Engineers. International Conference on Emerging Security Information, Systems and Technologies Vol. 3 https://doi.org/10.1109/SECURWARE.2009.10

Mantere, Matti ; Uusitalo, Ilkka ; Röning, Juha. / Comparison of static code analysis tools. 2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009. Piscataway : IEEE Institute of Electrical and Electronic Engineers, 2009. pp. 15-22 (International Conference on Emerging Security Information, Systems and Technologies, Vol. 3).

@inproceedings{80171b4dc2a841c5b6d0d5b40afbbbf7,

title = "Comparison of static code analysis tools",

abstract = "In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.",

keywords = "Static code analysis, code auditing",

author = "Matti Mantere and Ilkka Uusitalo and Juha R{\"o}ning",

note = "Project code: 6739",

year = "2009",

doi = "10.1109/SECURWARE.2009.10",

language = "English",

isbn = "978-0-7695-3668-2",

series = "International Conference on Emerging Security Information, Systems and Technologies",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

pages = "15--22",

booktitle = "2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009",

address = "United States",

}

Mantere, M, Uusitalo, I & Röning, J 2009, Comparison of static code analysis tools. in 2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009. IEEE Institute of Electrical and Electronic Engineers, Piscataway, International Conference on Emerging Security Information, Systems and Technologies, vol. 3, pp. 15-22. https://doi.org/10.1109/SECURWARE.2009.10

Comparison of static code analysis tools. / Mantere, Matti; Uusitalo, Ilkka; Röning, Juha.
2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009. Piscataway: IEEE Institute of Electrical and Electronic Engineers, 2009. p. 15-22 (International Conference on Emerging Security Information, Systems and Technologies, Vol. 3).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Comparison of static code analysis tools

AU - Mantere, Matti

AU - Uusitalo, Ilkka

AU - Röning, Juha

N1 - Project code: 6739

PY - 2009

Y1 - 2009

N2 - In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.

AB - In this paper we compare three static code analysis tools. The tools represent three different approaches in the field of static analysis: Fortify SCA is a non-annotation based heuristic analyzer, Splint represents an annotation based heuristic analyzer, and Frama-C an annotation based correct analyzer. The tools are compared by analysing their performance when checking a demonstration code with intentionally implemented errors.

KW - Static code analysis

KW - code auditing

U2 - 10.1109/SECURWARE.2009.10

DO - 10.1109/SECURWARE.2009.10

M3 - Conference article in proceedings

SN - 978-0-7695-3668-2

T3 - International Conference on Emerging Security Information, Systems and Technologies

SP - 15

EP - 22

BT - 2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009

PB - IEEE Institute of Electrical and Electronic Engineers

CY - Piscataway

ER -

Mantere M, Uusitalo I, Röning J. Comparison of static code analysis tools. In 2009 Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE). Athens, Glyfada, Greece, 18 - 23 June 2009. Piscataway: IEEE Institute of Electrical and Electronic Engineers. 2009. p. 15-22. (International Conference on Emerging Security Information, Systems and Technologies, Vol. 3). doi: 10.1109/SECURWARE.2009.10

Comparison of static code analysis tools

Abstract

Publication series

Keywords

Access to Document

Fingerprint

Cite this