Code Debug, Analysis and Change Tools

2009 Oct 11


Categories: Drivers, Internal Runtime, External Runtime, External Post Crash, External Static Source Analysis, Code Change Management, Code Differencing, Code Search, Development, Documenting, Bug Tracking, SQL Report Writer
Links: www.vokestream.com/ SAMATE
Services: Cigital, Veracode, MITRE

Parameters in this color must be provided by each user/developer/tester.
Category Name Cost Environ Documentation Usage and Notes
Drivers MS Static Driver Verifier free MSWin MS Looks at drivers (static) - part of Win Driver Kit. Lang: C, C++.
Internal
Runtime
internal code free +
time
Tools and IDEs Controlled at compile time and run time, optionally using signature matching (internal code can modify debug state based on system behavior). This requires extensive redesign and refactoring to make a more flexible and complete implementation. Will save substantial debug time.
gprof free appliance Manuals,
More,
Multithreaded,
Mozilla,
FreeSoft,
call graph
Code profiling.
gcov free appliance How to,
Example
Creates snapshots into web pages of executed code coverage. Can be cumulative over multiple runs. Works with gcc.
External
Runtime
gdb free appliance man gdb
Home URL
On line books $0
Pocket Ref. $10
{ By Stallman $30, online $0 }
Amazon $
To observe an already running (and perhaps hung) process, ssh to the appliance and run gdb with the command line:
gdb -p pid
ddd free appliance
or linux
compile
server
gnu
A graphical X window front-end for command line debuggers such as: gdb, dbx, wdb, ladebug, jdb, xdb, perl debugger, or the python debugger
valgrind free appliance home
Manuals and FAQs
Finds run time errors. Manually run process from command:
valgrind optional_switches process
kcachegrind free linux home
Cache profiling tool plus call graphs. Works with gcc.
massif free linux home
Heap profiler tool.
insure++ $??? appliance home
setup (internal)
Finds run time errors for C/C++ programs.
purify $10000 linux,
unix
setup
Finds run time errors for C/C++ programs. Requires special compile. Executable is much slower.
External
Post Crash
gdb free appliance
or linux
compile
server
see below
Must have access to executable file and core file:
gdb executable core
External
Static
Source
Analysis

Links
AntiC free all info
source
C/C++, Java lint program. Does not need to open header files. Currently available on 10.1.16.1 (rd3) and 10.1.1.7. To use type:
antic *.c
in any source directory. Or type:
antic dir
to recursively examine sub directories for source files (default is *.c, and *.java with -java switch).
Axivion $?? linux,
FreeBSD,
HPUX,
Solaris,
Windows
home Defect and security analysis.
BLAST free linux,
Eclipse,
Windows
home A software model checker - checks that software satisfies behavioral properties of the interfaces it uses.
C-Metrics $20 MSWin home Measures cyclomatic complexity (valuable for pointing out code inefficiency or complexity) and other static features of C/C++ source files. Can be used on the source base using samba. Does not need to be able to open header files named in #include.
cleanscape $300 MSWin home C/C++ lint program. Needs to be able to open header files named in #include (a problem with our current setup).
CodeCheck $495+ dos, mac, linux/unix, os/2, winNT home Source code analysis for C/C++, compliance, adherence to specification, complexity, embedded development, maintainability, and portability.
CodeSonar $4000+ linux, Solaris, MSWin, Mac OS X home Defect and security analysis for C/C++, Ada.
CScout $?? linux,
FreeBSD,
Solaris,
MSWin
home Defect and security analysis for C.
Devinspect $2000 MSWin HP Java, .NET, C# and VB
Flawfinder free linux home Examines C source code and reports possible security weaknesses.
Fortify 360 ??? AIX, linux, Mac OS X, MSWin
ASP, Java, C, Cobol, SQL, VB, ...(17 total).
Klocwork $2750,
$15K for
build anal
AIX
linux
Solaris
MSWin
home Examines C, C++, Java source code and reports potential security issues and bugs.
pc-lint $239 MSWin home C/C++ code checker.
prevent $10,000+ BSD, linux, Solaris, MSWin, Mac OS X home Architecture Visualization, Architecture Checking, Interface Analysis, Metrics, Clone Detection, Dominance Analysis, Style Checking, etc. Languages: C, C++, C#, Java.
Rational Software Analyzer $3500 linux, MSWin home C, C++
Source Insight $255 MSWin home Source Editor & Graphical Browser for C/C++/C#/Java
splint free linux home Security-centric lint program. Usage requires command line switches of the form:
-Ipath
to specify where to find header files named in #include.
understand $?? MSWin home Helps analyze large code bases in C/C++, Java, Ada, Fortran, Pascal, Jovial.
tracer $?? MSWin home Security analysis of source code.
Veracode SDLC $?? MSWin home Security analysis of source code for C, C++, C#, Java, also binary!
Code
Change
Management
rcs free linux, unix man rcs Comes with linux, unix distributions.
cvs free linux home
Code versioning tool using rcs.
WinCvs free MSWin home
ghome
A GUI front-end for cvs. Scripting requires TCL or Python. Does not seem to support Samba.
gCvs free linux home
A GUI front-end for cvs. Scripting requires TCL.
MacCvs free Mac OS home
A GUI front-end for cvs.
ViewCVS
or ViewVC
free POSIX
BSD
home
A web-based version control repository browser, currently supporting cvs and Subversion repositories.
perforce $800+ linux home
Code versioning tool.
Subversion free linux home,
book,
vs. Clear Case
Code versioning tool.
Keyword substitution.
tortoisesvn free MSWin 1 SVN client - extends shell.
kdesvn free linux Home: 1, 2
handbook
Info: 1, 2, 3, 4, 5
GUI for SVN.
Fisheye $1200+ linux 1 Web-based SVN repository viewer.
Code
Differencing
diff free linux man diff Comes with linux/unix distributions.
hdiff free linux download,
Archive
An html version of diff. Use hdiff -10000 >bugnum.html, to get a context of the previous and subsequent lines of 10000 (default is 2); e.g. hdiff -99999 >bug8888.html.
WinDiff free MSWin home
download
Shows side by side differences in context of full file.
Compare It! $27 MSWin home
Shows side by side differences in context of full file. Supports unicode files.
tkdiff free MSWin,
linux
(avail on 10.1.1.7)
home
Shows side by side differences in context of full file.
Here is a useful script (tkdiffall) for seeing all changed files:

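#!/bin/bash
# Open tkdiff for every file that "cvs -nq update" reports as locally modified (M).
# Reading line by line keeps file names containing spaces intact.
cvs -nq update | sed -n 's/^M //p' | while IFS= read -r file
do
    echo "tkdiff $file"
    tkdiff "$file" &
done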
xxdiff free linux,
IRIX,
Solaris,
HPUX
home1,
home2,
home3
Shows side by side differences in context of full file. Also works with cvs and subversion. Uses Python, diff and Qt UI toolkit.
Code
Search
cscope free linux,
MSWin
home,
cmnd line
MSWin
Allows searching through large code base, uses curses. See Cbrowser for UI based version.
CodeSurfer $?? linux,
Solaris,
MSWin
home
Allows searching through large code base, nice GUI.
lxr free linux,
BSD,
Unix
home
Linux Cross Referencer.
Development pcyacc $495-
$1995
dos, mac, linux/unix, os/2, winNT home
Professional language development toolkit.
Documenting doxygen free linux home
Debian
Uses special comments embedded in code to generate documentation.
Bug
Tracking
mantis free linux home
plugin
Bug report database.
bugzilla free linux home
Bug report database.
trac free linux home
Bug/issue tracking, SW project management, interface to version control, wiki.
SQL
Report
Writer
OpenRPT free linux,
Solaris,
AIX,
HPUX,
MSWin,
Mac OS
home
Similar in functionality to Crystal Reports or the Microsoft Access report writer. Supports PostgreSQL and (with a little work) MySQL, DB2, Oracle, SQL Server, ODBC

Static analyzers can find these security bugs:


2005-2009