Static Analyzer for C Source Code

Supports various kinds of vulnerabilities, such as integer overflow, buffer overflow and null pointer dereference. [1]

Supports fine-grained adjustment of the precision-efficiency trade-off through configuration.

Supports a single source file, multiple source files and various compilation environments.

Friendly user interface for locating, tracing and managing analysis results.

A CWE-compatible tool. [2]


1. The supported defects are listed in the User Manual.
2. For more information on CWE-compatibility, please visit CWE Compatibility Home.

Precise and Efficient

On the Juliet Test Suite, the overall false-positive rate is 0.6%, and the overall false-negative rate is 0.6%. [3]

The overall time cost of analyzing the Wireshark project, which has more than 2.97 MLOC, is approximately 1.4 hours. [4]


3. The Juliet Test Suite is available here. The experiment focuses on 25 supported CWE categories, which contain a total of 14793 test programs. The machine that runs the experiment is equipped with an Intel(R) Core(R) i7-4790K and 32 GB of memory, and runs Ubuntu 16.04 LTS.
4. The experiment analyzes Wireshark 2.2.1. The machine that runs the experiment is equipped with an Intel(R) Xeon(R) E5-2603v3 and 64 GB of memory, and runs Ubuntu 16.04 LTS.

Contact Us

Please email us for an evaluation copy.

Please email us for technical support.




Copyright © 2018 Institute of Software System and Engineering, School of Software, Tsinghua University