Tools

Static Analysis

• GenMC - is a stateless model checker for C programs that works on the level of LLVM Intermediate Representation.
• CBMC - bounded model-checker for C programs, user-defined assertions, standard assertions, several coverage metric analyses
• clang-tidy - clang static analyser
• CMetrics - Measures size and complexity for C files
• CodeSonar from GrammaTech ©️ - Advanced, whole program, deep path, static analysis of C and C++ with easy-to-understand explanations and code and path visualization.
• Corrode - Semi-automatic translation from C to Rust. Could reveal bugs in the original implementation by showing Rust compiler warnings and errors.
• cppcheck - static analysis of C/C++ code
• CppDepend ©️ - Measure, query and visualize your code and avoid unexpected issues, technical debt and complexity.
• cpplint - automated C++ checker that follows Google's style guide
• cqmetrics - quality metrics for C code
• CScout - complexity and quality metrics for for C and C preprocessor code
• flawfinder - finds possible security weaknesses
• flint++ - cross-platform, zero-dependency port of flint, a lint program for C++ developed and used at Facebook.
• Frama-C - a sound and extensible static analyzer for C code
• IKOS - a sound static analyzer for C/C++ code based on LLVM
• oclint - static analysis of C/C++ code
• Polyspace Bug Finder ©️ - identifies run-time errors, concurrency issues, security vulnerabilities, and other defects in C and C++ embedded software.
• Polyspace Code Prover ©️ - provide code verification that proves the absence of overflow, divide-by-zero, out-of-bounds array access, and certain other run-time errors in C and C++ source code.
• scan-build - Analyzes C/C++ code using LLVM at compile-time
• splint - Annotation-assisted static program checker
• vera++ - Vera++ is a programmable tool for verification, analysis and transformation of C++ source code.

Dynamic Analysis

• https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool
• http://dynamorio.org/
• https://dyninst.org/
• https://www.frida.re/
• DynInst https://dyninst.github.io/scalable_tools_workshop/petascale2018/assets/slides/dyninst_updates.pdf
• Online Decision Table for testing
• LD_PRELOAD
  • more https://github.com/gaul/awesome-ld-preload
  • https://github.com/yugr/valgrind-preload
  • https://github.com/yugr/sortcheck
  • https://github.com/yugr/libdebugme
  • https://github.com/yugr/sigcheck
  • https://github.com/zardus/preeny
  • Memory: failmalloc, mi-malloc

Если сделать обёртку для вызовов malloc() и free(), то можно собирать статистику о потреблении памяти и выявлять утечки памяти. Можете написать свою обёртку, а можете взять libtcmalloc.

Mutation Testing

• Mutation Testing: From Theory to Practice - Ali Parsai

Tool	Operators	Engine	Description	Mutant generation level
Mull	Supported mutations	LLVM
Frama-C mutation plugin	Replacement of a binary operator, Condition reversal, Loop invariant deletion, Postcondition deletion, Conjunction pruning, Replacement of numerical values	Frama-C
Mutate++
accmut	Supported mutations	LLVM-IR	http://sei.pku.edu.cn/~xiongyf04/papers/ISSTA17.pdf
MUSIC		LLVM
dextool		LLVM
CCMutator	Supported operators	LLVM
MuCPP

• Mull, publication - Mull it over: mutation testing based on LLVM.
• Frama-C plugin
• mutate_cpp
• MuCPP, publication - Assessment of Class Mutation Operators for C++ with the MuCPP Mutation System
• accmut, publication - Faster mutation analysis via equivalence modulo states
• MUSIC, publication - MUSIC: Mutation Analysis Tool with High Configurability and Extensibility
• yuejia/Milu [abandoned]
• MILU: A Customizable, Runtime-Optimized Higher Order Mutation Testing Tool for the Full C Language
• dextool
• markus-kusano/CCMutator [abandoned]
• CCmutator: A Mutation Generator for Concurrency Constructs in Multithreaded C/C++ Applications
• SRCIROR - A mutation tool for source and IR
• https://en.wikipedia.org/wiki/Mutation_testing#External_links

Test Results

• https://github.com/bbc/testmine