Tools for static code analysis: A survey
Survey
3.5.2 Splint
User manuals
The Splint manual can be viewed either as an HTML page or as a PDF document. The
manual is very large and thorough, consisting of 14 chapters and 5 appendices
in a total of 121 pages. The first chapter covers how to operate Splint, by
explaining the basic commands, the warnings produced by Splint, the various flags that
can be used, and what annotations are and how they might be used. The remaining
chapters deal with the various problems (bugs) Splint can detect. Each problem is
given an individual chapter in which all of its sub-problems are very well explained
(in many cases with good examples). Furthermore, each chapter describes which annotations can be
used for that specific problem in order to make the scan even more accurate.
The user manual does not contain any tutorial on how to use Splint, but on
Splint's web page (found at http://www.splint.org/) there is a very good tutorial that covers many aspects of how to use LCLint (the predecessor of Splint).
Since Splint is LCLint with some added functionality, the tutorial serves as a very good
foundation when beginning to learn how to use Splint.
As a whole the manual is very clear, explains all of the functionality very well
and explains all of the problems searched for in an educational manner.
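To make the manual's annotation mechanism concrete, the following is an added example that is not part of the thesis or of the Splint distribution. It is an ordinary C module carrying Splint's comment annotations (null, notnull, observer, out and only are real Splint annotations; the user table, the function names and the defect are constructed for illustration). Compiling it with a normal C compiler silently accepts the unchecked dereference in uid_unchecked; running `splint example.c` on it reports that dereference as a possibly null pointer, while the annotated, checked variants pass.

```c
/* Added example, not from the thesis or the Splint project.
 * Annotations are ordinary comments, so the file compiles with any C
 * compiler; Splint reads them as a contract and reports violations.
 * Check with:  splint example.c
 */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct user {
    const char *name;
    int uid;
};

/* Constructed lookup table (not real data). */
static const struct user users[] = {
    { "alice", 1000 },
    { "bob",   1001 },
};

/* null: the result may be NULL, so Splint requires every caller to test it.
 * observer: the caller may read but must not modify or free the storage. */
static /*@null@*/ /*@observer@*/ const struct user *
find_user(/*@notnull@*/ const char *name)
{
    size_t i;
    for (i = 0; i < sizeof users / sizeof users[0]; i++) {
        if (strcmp(users[i].name, name) == 0) {
            return &users[i];
        }
    }
    return NULL;
}

/* Constructed defect: the possibly-NULL result is dereferenced without a
 * test. A C compiler accepts this; Splint reports the dereference of a
 * possibly null pointer because of the null annotation on find_user. */
int uid_unchecked(/*@notnull@*/ const char *name)
{
    return find_user(name)->uid;
}

/* Hardened form: the NULL case is handled, so the annotation contract is
 * satisfied. Returns -1 for an unknown user. */
int uid_checked(/*@notnull@*/ const char *name)
{
    const struct user *u = find_user(name);
    if (u == NULL) {
        return -1;
    }
    return u->uid;
}

/* out: Splint checks that *uid is assigned on every return path before
 * the caller may read it. Returns 1 on success, 0 for an unknown user. */
int lookup_uid(/*@notnull@*/ const char *name, /*@out@*/ int *uid)
{
    const struct user *u = find_user(name);
    if (u == NULL) {
        *uid = -1;          /* the out parameter must still be defined */
        return 0;
    }
    *uid = u->uid;
    return 1;
}

/* Convenience wrapper so the out-parameter path returns a plain value. */
int uid_via_out(/*@notnull@*/ const char *name)
{
    int uid = 0;
    (void) lookup_uid(name, &uid);
    return uid;
}

/* only: ownership of the returned buffer passes to the caller, who must
 * release it exactly once; Splint reports leaks and double frees against
 * this annotation. NULL is returned when allocation fails. */
/*@only@*/ /*@null@*/ char *copy_name(/*@notnull@*/ const char *name)
{
    size_t n = strlen(name) + 1;
    char *p = (char *) malloc(n);
    if (p == NULL) {
        return NULL;
    }
    memcpy(p, name, n);
    return p;
}

/* Correct use of an only pointer: test for NULL, use, free once.
 * Returns 1 if the copy matches the input, 0 otherwise. */
int copied_name_matches(/*@notnull@*/ const char *name)
{
    char *c = copy_name(name);
    int ok;
    if (c == NULL) {
        return 0;
    }
    ok = (strcmp(c, name) == 0);
    free(c);
    return ok;
}
```

The point of the example is the gap between the compiler and the checker: uid_unchecked runs correctly as long as it is only ever called with names that exist, which is why the defect survives testing, while Splint rejects it statically from the null annotation alone.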
Internet forums
There is no Internet forum dedicated to Splint that the author of this thesis has
found. However, there are two mailing lists that one can join: Splint Announce,
which is used to announce new versions of Splint, and Splint Discuss, which is dedicated to informal discussions about Splint usage and development. The contents
of the latter can also be found at the Splint Discuss Archives [5]; it receives a few
posts every month, and responses often arrive within just a few days.
Books
No books dedicated to Splint were found, but it is referenced in a large number of books
concerning software security.
3.5.3 Fortify SCA
User manuals
Since only a demo version of Fortify SCA 4.0 could be obtained, and since no
actual documentation could be found on the website (http://www.fortify.com),
the documentation that came with the demo version is what is evaluated in
this thesis.
Fortify SCA comes with two different user manuals. The first one is about the
SCA itself and describes what it is, which different methods are used when doing a
scan, why they are used and finally how to use the tool. There are chapters explaining
[5] http://www.cs.virginia.edu/pipermail/splint-discuss/