Reputation: 145
I have been looking for static analysis tools that detect buffer overruns in C++/C shared and static libraries, but without success. Especially with C/C++ libraries that are integrated with programs that are written in a different programming language.
Do you have any suggestions?
Thank you
Upvotes: 1
Views: 742
Reputation: 95410
Not for C++, but for C, and uses dynamic not static analysis: our CheckPointer program detects all kinds of memory access errors, including many that Valgrind will not. Unlike a static analyzer, if CheckPointer reports an error, you really have an error.
One problem you will face with testing a shared library, or a program that calls "foreign code", is the need to characterize the properties of the entry points and called APIs. [You would have to do this regardless of whether the tool was static or dynamic, because the correctness of the program under test depends on the guarantees it is provided at entry and the guarantees that the foreign APIs provide it].
Upvotes: 1
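To make the point about characterizing entry points concrete, here is an added example (not code from the answer and unrelated to CheckPointer's own interface). It shows a library entry point whose contract is written down and enforced, plus a guard-byte driver that stands in for the foreign-language caller. All names (`lib_copy_field`, `drive_entry_point`, the status codes) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { LIB_OK = 0, LIB_EINVAL = -1, LIB_ERANGE = -2 };

/* Hypothetical exported entry point, as it might be called through an FFI.
 * Caller must guarantee: dst has dst_cap writable bytes, src has src_len
 * readable bytes. Library guarantees: on LIB_OK, dst holds src_len bytes
 * plus a NUL; on any error, dst is left untouched. */
int lib_copy_field(char *dst, size_t dst_cap, const char *src, size_t src_len)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return LIB_EINVAL;
    if (src_len >= dst_cap)          /* no room for the terminator */
        return LIB_ERANGE;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return LIB_OK;
}

#define GUARD   16                   /* guard bytes on each side */
#define MAX_CAP 64                   /* largest buffer the driver hands out */
#define FILL    0xA5

/* Driver standing in for the foreign caller: it hands the library a buffer
 * of exactly cap bytes, surrounded by guard bytes. Returns the library's
 * status code, or 1 if any guard byte was modified (an overrun). */
int drive_entry_point(size_t cap, const char *src, size_t src_len)
{
    unsigned char arena[GUARD + MAX_CAP + GUARD];
    if (cap > MAX_CAP)
        return LIB_EINVAL;
    memset(arena, FILL, sizeof arena);
    int rc = lib_copy_field((char *)arena + GUARD, cap, src, src_len);
    for (size_t i = 0; i < GUARD; i++) {
        if (arena[i] != FILL || arena[GUARD + cap + i] != FILL)
            return 1;
    }
    return rc;
}

int main(void)
{
    printf("fits: %d\n", drive_entry_point(8, "abc", 3));
    printf("too long: %d\n", drive_entry_point(8, "abcdefgh", 8));
    return 0;
}
```

The comment block on `lib_copy_field` is the kind of entry-point characterization a static or dynamic tool needs; without the explicit `dst_cap` parameter, neither the library nor the tool can know how much memory the foreign caller really provided.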