Tools and Services: Static Analysis

Submit a tool

Tools & Services

Please enter a tool name or keyword

Static Analysis

Tools available on Static Analysis


PVS-Studio is a proprietary static code analyzer. It is intended for locating a wide range of programming errors and vulnerabilities in a source code. One of its distinctive features is the ability to find misprints and copy-pasting errors.

The analyzer supports following languages: C, C++, C++11, C++/CLI, C++/CX.PVS-Studio supports integration with the Visual Studio IDE, but can also be used as a standalone tool for checking C/C++ preprocessed files and intercepting compiler invocations. It supports GCC, Clang, Borland C++ and Visual C++ compilers.

Our Customers: id Software, Intel, Bosch, Microsoft, NVIDIA, Viber, ZeniMAX Media Inc, Tech Soft 3D, Nobel Biocare, etc.



AgitarOne helps you work safer, better, and smarter as you develop and maintain Java applications. AgitarOne JUnit Generator creates thorough JUnit tests on your code, with 80% coverage out of the box! It helps find regressions and makes it safer and easier to improve code, reducing maintenance costs. AgitarOne Agitator helps you understand the behavior of your code as it is written, aiding the prevention of bugs and code complexity. AgitarOne also now provides functional coverage capabilities in and out of the JUnit environment.

All software systems are built to some degree using copy/paste/edit. This is efficient short term because it is code reuse. It is inefficient long term because it is reuse of assumptions (which break) and bugs, and failure to build clean abstractions of useful concepts and their implementation. CloneDR uses precise language parsers to locate duplicated code, in terms of language structures (statement sequences, declarations, methods, ...) including variants which have been edited. This enables management/removal of the clones.

Clover identifies the riskiest code in your projects so you can focus on testing where it'll have the most impact.

Testwell CMT++ calculates the basic McCabe, Halstead, lines-of-code and maintainability Index metrics on C/C++. Configurable alarm limits. Very fast. Can manage huge code volumes. Can be used without included header files and a C/C++ compiler. Easy to read and compact textual and HTML reporting (hierarachical, color-coded, mapped to source files). Can produce Excel and XML data file for customer specific further processing and analysis.

Testwell CMTJava calculates the basic McCabe, Halstead, lines-of-code and maintainability Index metrics on Java. Configurable alarm limits. Very fast. Can manage huge code volumes. Can be used a Java development environment. Easy to read and compact textual and HTML reporting (hierarchical, color-coded, mapped to source files). Can produce Excel and XML data file for customer specific further processing and analysis.

Code Coverage is radically different from other software testing tools.

* Through an innovative strategy, runtime instrumentation gathers coverage information
* Dynamic Code Coverage measures all function in the process, not just a single module
* Measures 3rd party code
* Does not require any recompile, so is easiest to use

Dynamic Code Coverage re-invents the test coverage tool. Dynamic Code Coverage does not require any compile/link time instrumentation. Free Trial.

CodeSonar, GrammaTech's flagship product, identifies programming bugs that can result in system crashes, memory corruption, and other serious problems. CodeSonar's powerful static analysis engine works out-of-the-box, requiring no changes to your existing build system or code. It performs whole-program analysis on codebases over 10 million lines of code. CodeSonar also includes workflow automation features, like an API for custom integrations and support for extensions that add custom checks.


QualityLogic's Comprehensive Evaluation Tests (CETs) thoroughly test page description languages, mark-up languages, and portable document formats for conformance to the language specification. CETs are available for most popular imaging languages:


Automating complex analysis and modification tasks on software code requires compiler-accurate processing. DMS provides language-precise parsing for some 30 languages (including tough languages such as C++11, Java and C#), basic language analysis such as symbol tables and control/data flow analysis, pattern matching and transformation, and regeneration of code from transformed structures. Tool builders use the DMS as a foundation for building custom code processing tools; this can literally save years of elapsed development time.

Engine Lab Software is an outsourcing software development company based in Ireland and serving companies from Ireland, UK and America.

IncrediBuild accelerates development via efficient parallel computing, transforming a local or cloud-based network into a “virtual supercomputer.” Processes are distributed to remote CPU resources for parallel processing, speeding all development tasks, including builds, unit testing, QA scripts, code analysis, code generation, image processing, video and graphics rendering, platform conversion, physical and lighting engine management, compression, etc. IncrediBuild is tuned for development with Visual Studio, Make, MSBuild, Gmake, VSimake, Jam, nAnt, Jom, Python, VsiMake, BJam, Jam+, etc., and on Xbox, Wii, Nintendo, and PlayStation.

Offered as a downloadable Eclipse plug-in, Klocwork Solo® makes Klocwork’s award-winning static analysis technology available as a standalone tool for Java developers focused on mobile app development.

Static analysis and code coverage tool for C, C++, Java, Ada83/Ada95 and Assembler (Intel, Freescale, Texas Instruments). Static analysis features include code visualisation, programming standards checking and complexity metrics. Code coverage is available for different coverage levels including MC/DC level A for the DO-178B standard, regression testing and available for any host/target environment.

The McCabe IQ suite is made up of three multi-platform, multi-language software quality, testing, and security solutions. McCabe IQ Developers Edition uncovers and visualizes risk in the form of source code complexity and security vulnerability, providing a host of metrics. IQ Test Team Edition delivers the most stringent code coverage from LOC to Basis Path level. IQ Enterprise Edition provides all the functionality of the Developers and Test Team Editions, in addition to enterprise reporting and web-enabled test data collection.

Parasoft C++test is an integrated solution for automating a broad range of best practices proven to improve software development team productivity and software quality. C++test enables coding policy enforcement, static analysis, comprehensive code review, and unit and component testing to provide teams a practical way to ensure that their C and C++ code works as expected. For embedded and cross-platform development, C++test can be used in both host-based and target-based code analysis and test flows.

Parasoft Jtest is a comprehensive Java testing product for development teams building Java EE, SOA, Web, and other Java applications. Whether a team is trying to build quality into new code or extend a legacy code base without breaking existing functionality, Jtest provides them a practical way to ensure that their Java code works as expected. It empowers them to modify their code quickly and with confidence, resulting in optimization of development resources and control of development schedules and costs.

Project Analyzer is a Visual Basic source code analyzer, optimizer, and documentor. Detect dead code and remove it. Diagram your systems. Surf your code as hypertext and graphical call trees. Document your work with a large selection of reports. Project Analyzer does an automatic code review to enforce configurable programming standards. It detects problems such as dead code and possible memory leaks. Supports VB 3-6, VBA and VB.NET.

IBM Rational AppScan is an industry-leading Web application security testing solutions that scans and tests for all common web application vulnerabilities—including those identified in the WASC threat classification—such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

Currently available for C, C++, Java, C#, COBOL and PHP

Test Coverage and Execution Profiler tools determine branch/code coverage for software suites. Low probe overhead enables real time coverage data collection, enabling coverage analysis of both application and embedded software. Vectors from multiple runs can be combined and displayed graphically over the source program to enable a test engineer to see what and/or how often a block of code has/has not been executed. Delta computation is included.

Regular "diff" is line oriented; programmers think in terms of language structures. SmartDifferencer compares two source files using precise language parsers to determine code structure, and reports differences in terms of language structures (identifier, expression, statement, block, method) regardless of format layout. Changes are reported as plausible edits: copy, move, insert, delete, and rename-identifier-in-block. This reduces the amount of deltas compared to typical diff, and thus makes code reviews much easier.

TBvision provides transparency into source code, enabling managers, teams and developers to better monitor testing, quality metrics, memory errors and security vulnerabilities.

Recognising the increased need for graphical ability to show code quality, fault detection and avoidance measures, TBvision incorporates next-generation reporting capabilities. As a highly flexible solution, TBvision provides users with the ability to quickly and easily view results in call graphs, flow graphs and code review reports for graphical feedback.

Tessy is a commercially available software tool that facilitates the automatic dynamic testing of software for embedded systems. Tessy addresses module/unit testing, integration testing, and regression testing and provides code coverage and creates test documentation in various formats. Test case specification according to the Classification Tree Method is supported by the Classification Tree Editor (CTE), which is included in Tessy.

Upcoming Events

Sep 22
Oct 13
Apr 27