This is a list of notable tools for static program analysis (program analysis is a synonym for code analysis).
Static code analysis tools
Languages
Ada
C, C++
* Axivion Suite (Bauhaus)
C#
* Axivion Suite (Bauhaus)
IEC 61131-3
* CODESYS Static Analysis – integrated add-on for CODESYS (application code realized e.g. in ST, FBD, LD)
Java
JavaScript
* ESLint – JavaScript syntax checker and formatter.
* Google's Closure Compiler – JavaScript optimizer that rewrites code to be faster and smaller, and checks use of native JavaScript functions.
* CodeScene – Behavioral analysis of code.
* JSHint – A community-driven fork of JSLint.
* JSLint – JavaScript syntax checker and validator.
* Semgrep – A static analysis tool that helps express code standards and surface bugs early. A CI service and a rule library are also available.
Objective-C, Objective-C++
* Clang – The free Clang project includes a static analyzer. As of version 3.2, this analyzer is included in Xcode.
* Infer – Developed by an engineering team at Facebook with open-source contributors. Targets null pointers, leaks, API usage and other lint checks. Available as open source on GitHub.
Opa
* Opa includes its own static analyzer. As the language is intended for web application development, the strongly statically typed compiler checks the validity of high-level types for web data, and prevents by default many vulnerabilities such as XSS attacks and database code injections.
Packaging
* Lintian – Checks Debian software packages for common inconsistencies and errors.
* Rpmlint – Checks for common problems in rpm packages.
Perl
* Perl::Critic – A tool to help enforce common Perl best practices. Most best practices are based on Damian Conway's Perl Best Practices book.
* PerlTidy – Program that acts as a syntax checker and tester/enforcer for coding practices in Perl.
* Padre – An IDE for Perl that also provides static code analysis to check for common beginner errors.
PL/SQL
* TOAD – A PL/SQL development environment with a Code xPert component that reports on general code efficiency as well as specific programming issues.
* Visual Expert – A PL/SQL code analysis tool that reports on programming issues and helps understand and maintain complex code (Impact Analysis, Source Code documentation, Call trees, CRUD matrix, etc.).
PowerBuilder, PowerScript
* Visual Expert – A tool scanning PowerBuilder libraries (PBLs) for code inspection, Impact Analysis, Source Code documentation, Call trees, CRUD matrix.
Python
* PyCharm – Cross-platform Python IDE with code inspections available for analyzing code on-the-fly in the editor and bulk analysis of the whole project.
* PyDev – Eclipse-based Python IDE with code analysis available on-the-fly in the editor or at save time.
* Pylint – Static code analyzer. Quite stringent; includes many stylistic warnings as well.
* Semgrep – Static code analyzer that helps express code standards and surface bugs early. A CI service and a rule library are also available.
Transact-SQL
* Visual Expert – A SQL Server code analysis tool that reports on programming issues and helps understand and maintain complex code (Impact Analysis, source code documentation, call trees, CRUD matrix, etc.).
Tools with duplicate code detection
* Axivion Suite (Bauhaus)
Formal methods tools
Tools that use a sound, i.e. over-approximating a rigorous model, formal methods approach to static analysis (e.g., using static program assertions). Sound methods contain no false negatives for bug-free programs, at least with regard to the idealized mathematical model they are based on (there is no "unconditional" soundness). Note that there is no guarantee they will report all bugs for buggy programs, but they will report at least one.
* Astrée – Finds all potential runtime errors by abstract interpretation, can prove the absence of runtime errors and can prove functional assertions; tailored towards safety-critical C code (e.g. avionics).
* CodePeer – Statically determines and documents pre- and post-conditions for Ada subprograms; statically checks preconditions at all call sites.
* ECLAIR – Uses formal methods-based static code analysis techniques such as abstract interpretation and model checking combined with constraint satisfaction techniques to detect or prove the absence of certain run time errors in source code.
* ESC/Java and ESC/Java2 – Based on Java Modeling Language, an enriched version of Java.
* Frama-C – An open-source analysis framework for C, based on the ANSI/ISO C Specification Language (ACSL). Its main techniques include abstract interpretation, deductive verification and runtime monitoring.
* KeY – Analysis platform for Java based on theorem proving with specifications in the Java Modeling Language; can generate test cases as counterexamples; stand-alone GUI or Eclipse integration.
* MALPAS – A formal methods tool that uses directed graphs and regular algebra to prove that software under analysis correctly meets its mathematical specification.
* Polyspace – Uses abstract interpretation, a formal methods based technique, to detect and prove the absence of certain run time errors in source code for C/C++ and Ada.
* SPARK – Toolset including the SPARK Examiner. Based on the SPARK language, a subset of Ada.
See also
* Automated code review
* Best Coding Practices
* List of software development philosophies
* Dynamic program analysis
* Software metrics
* Integrated development environment (IDE) and comparison of integrated development environments. IDEs will usually come with built-in support for static program analysis, or with an option to integrate such support. Eclipse offers such an integration mechanism for many different types of extensions (plug-ins).
External links
* The Web Application Security Consortium's Static Code Analysis Tool List
* "A Comparison of Bug Finding Tools for Java" by Nick Rutar, Christian Almazan, and Jeff Foster, University of Maryland. Compares Bandera, ESC/Java 2, FindBugs, JLint, and PMD.
* "Mini-review of Java Bug Finders" by Rick Jelliffe, O'Reilly Media.