The SofCheck Inspector [1] is a static analysis tool for Java and Ada. It statically determines and documents the pre- and postconditions of Java methods or Ada subprograms, and uses that information to identify logic flaws, [2] race conditions, and redundant code in an individual Java class or Ada package, a subsystem, or a complete program. The SofCheck Inspector is produced by SofCheck, Inc., a software product company in Burlington, Massachusetts.
The SofCheck Inspector static analysis engine is used within the CodePeer [3] static analysis product from AdaCore.
In computer science, static program analysis is the analysis of computer programs performed without executing them, in contrast with dynamic program analysis, which is performed on programs during their execution.
Code review is a software quality assurance activity in which one or several people check a program mainly by viewing and reading parts of its source code, and they do so after implementation or as an interruption of implementation. At least one of the persons must not be the code's author. The persons performing the checking, excluding the author, are called "reviewers".
Jtest is an automated Java software testing and static analysis product developed by Parasoft. The product includes technology for data-flow analysis, unit test-case generation and execution, static analysis, regression testing, code coverage, and runtime error detection. Jtest is used by companies such as Cisco Systems, TransCore, AIG United Guaranty, and Wipro Technologies. It is also used by Lockheed Martin for the F-35 Joint Strike Fighter program (JSF).
Coverity is a proprietary static code analysis tool from Synopsys. This product enables engineers and security teams to find and fix software defects.
Fortify Software, later known as Fortify Inc., is a California-based software security vendor, founded in 2003 and acquired by Hewlett-Packard in 2010 to become part of HP Enterprise Security Products. Since 2017, Fortify's products have been owned by Micro Focus.
Klocwork is a static code analysis tool owned by Minneapolis, Minnesota-based software developer Perforce. Klocwork software analyzes source code in real time, simplifies peer code reviews, and extends the life of complex software.
Coding conventions are a set of guidelines for a specific programming language that recommend programming style, practices, and methods for each aspect of a program written in that language. These conventions usually cover file organization, indentation, comments, declarations, statements, white space, naming conventions, programming practices, programming principles, programming rules of thumb, architectural best practices, etc. These are guidelines for software structural quality. Software programmers are highly recommended to follow these guidelines to help improve the readability of their source code and make software maintenance easier. Coding conventions are only applicable to the human maintainers and peer reviewers of a software project. Conventions may be formalized in a documented set of rules that an entire team or company follows, or may be as informal as the habitual coding practices of an individual. Coding conventions are not enforced by compilers.
The Bauhaus project is a software research project collaboration among the University of Stuttgart, the University of Bremen, and a commercial spin-off company, Axivion, formerly called Bauhaus Software Technologies. The Bauhaus project serves the fields of software maintenance and software reengineering.
GrammaTech is a software-development tools vendor based in Bethesda, Maryland with a research center based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech is a provider of application security testing products and software research services.
Parasoft is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working hypercube computer built.
JSLint is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. It is provided primarily as a browser-based web application accessible through the domain jslint.com, but there are also command-line adaptations. It was created in 2002 by Douglas Crockford.
Polyspace is a static code analysis tool for large-scale analysis by abstract interpretation to detect, or prove the absence of, certain run-time errors in source code for the C, C++, and Ada programming languages. The tool also checks source code for adherence to appropriate code standards.
JSHint is a static code analysis tool used in software development for checking if JavaScript source code complies with coding rules. JSHint was created in 2011 by Anton Kovalyov as a fork of the JSLint project. Anton and others felt JSLint was getting "too opinionated", and did not allow enough customization options. The JSHint maintainers publish both an online version, and a command-line version.
CodePeer is a static analysis tool, which identifies constructs that are likely to lead to run-time errors such as buffer overflows, and it flags legal but suspect code, typical of logic errors in Ada programs. All Ada run-time checks are exhaustively verified by CodePeer, using a variant of abstract interpretation. In October 2014, CodePeer was qualified for use in safety-critical contexts as a sound tool for identifying possible run-time errors. CodePeer also produces detailed as-built documentation of each subprogram, including pre- and post-conditions, to help with code review and to ease locating potential bugs and vulnerabilities early.
RIPS is static code analysis software for the automated detection of security vulnerabilities in PHP and Java applications. The initial tool was written by Johannes Dahse and released during the Month of PHP Security in May 2010 as open-source software. The open-source version is released under the Lesser GNU General Public License and was maintained until 2013.
Kiuwan is a multi-technology software-as-a-service (SaaS) static application security testing product for software analysis, code quality, software composition and security measurement/management. Kiuwan provides services to industries across the globe, specializing in code security analysis for banking, finance, insurance and information technology organizations.
Perforce, legally Perforce Software, Inc., is an American developer of software used for developing and running applications, including version control software, web-based repository management, developer collaboration, application lifecycle management, web application servers, debugging tools and Agile planning software.
Code Dx refers to both a software company and its flagship product, a vulnerability management system that combines and correlates the results generated by a wide variety of static and dynamic testing tools.