How to build a static code analysis tool?

static-analysis
codeanalyser picture codeanalyser · Dec 17, 2010 · Viewed 8k times · Source

I m in process of understanding and building a static code analysis tool for a proprietary language from a big company. Reason for doing this , I have to review a rather large code base , and a static code analysis would help a lot and they do not have one for the language so far.

I would like to know how does one go about building a static code analysis tool , for e.g. Lint or SpLint for C.

Any books, articles , blogs , sites..etc would help.

Thanks.

Answer

Tony Richards picture Tony Richards · Jan 30, 2014

I know this is an old post, but the answers don't really seem that satisfactory. This article is a pretty good introduction to the technology behind the static analysis tools, and has several links to examples.

A good book is "Secure Programming with Static Analysis" by Brian Chest and Jacob West.

Related questions

What static analysis tools are available for C#?

What tools are there available for static analysis against C# code? I know about FxCop and StyleCop. Are there others? I've run across NStatic before but it's been in development for what seems like forever - it's looking pretty slick …

Read More
How to perform static code analysis in php?

Is there an static analysis tool for PHP source files? The binary itself can check for syntax errors, but I'm looking for something that does more, like: unused variable assignments arrays that are assigned into without being initialized first and …

Read More
What open source C++ static analysis tools are available?

Java has some very good open source static analysis tools such as FindBugs, Checkstyle and PMD. Those tools are easy to use, very helpful, runs on multiple operating systems and free. Commercial C++ static analysis products are available. Although having …

Read More