Free Static Code Analyzers

Static Source Code Analysis Utilities / Lint

Free Static Code Analyzers (Static Source Code Analysis Tools/Lint)

These static code analysis tools scan the source code of your program looking for potential bugs and suspicious constructs that can may be a bug waiting to happen. The term "lint" is sometimes used to refer to such tools because the earliest program (or, if not the earliest, then the most famous of the early tools) that performed such a function was called that.

The free programs below may validate code for different computer languages; that is, at the time this introduction was written, there are tools below to check C, C++, C#, Fortran, Go, Java, JavaScript, Python, PHP, Ruby, TypeScript, VB.NET, and so on. Read the description for each program to find out the specific language it supports.

Related Pages

Free Static Code Analyzers (Static Source Code Analysis Tools/Lint)

SonarQube (C#, Java, JavaScript, Python, PHP, Ruby, TypeScript, VB.NET, etc) New

SonarQube detects bugs, vulnerabilities, code smells (ie, a characteristic in the source code that may suggest a deeper problem) in code written in Java, JavaScript, C#, TypeScript, Kotlin, Ruby, Go, Scala, Flex, Python, PHP, HTML, CSS, XML and VB.NET. Note that it installs a web server on your machine that has to be accessed using your web browser. It is written in Java, and thus works on systems that have a Java virtual machine (eg, Windows, macOS, and Linux). The Community Edition is open source.

cppcheck (C, C++)

Cppcheck analyzes C/C++ code to look for undefined behaviour and dangerous constructs. Among the many types of bugs/errors caught by the program are dead pointers, division by zero, integer overflow, invalid bit shift operands, invalid conversions, memory management issues (eg, leaks), null pointer dereferences, out of bounds checking, uninitialized variables, writing const data, invalid use of STL, exception safety, unused functions, checking of conditions (eg, mismatched assignments/conditions, useless conditions), buffer overruns, etc. Precompiled executables are available for Windows, although you can also compile it from source code (which you will need to do if you use other systems, like Linux).

Phan (PHP)

Phan is a static code analyzer for PHP programs. It depends on PHP 7.1 and later, and can analyze the syntax of PHP 7.0 to 7.4 (and presumably later versions when those become available). Among other things, it can check type safety; backward compatibility between PHP 7 and 5; features that aren't supported in various PHP versions; valid return values; unused, dead and unreachable code; unused variables and parameters; redefinition of classes, functions and methods; make sure that methods, functions, classes, traits, interfaces, constants, variables are defined and accessible; sanity with array accesses; redundant, impossible, or pointless casts; sanity with class inheritance; and so on. It works on Windows, Mac OS X, Linux, and probably other Unix-based systems like the BSDs.

Clang Static Analyzer (C, C++, Objective C)

The Clang Static Analyzer scans your C, C++ or Objective C source code looking for potential sources of bugs. Binaries are only provided for Mac OS X, but you can build the program from its sources if you use Windows, Linux or perhaps other Unix-like systems. It can be used as a standalone tool to analyze your code even if you aren't compiling with Clang.

JSLint (JavaScript)

JSLint checks your JavaScript programs for style and structural constructs that may result in bugs. The program itself is written in JavaScript.

Splint / LCLint (C)

Splint (formerly LCLint) is a rewrite of the famous Unix lint utility. It is a static source code analyser, that checks your C program source code for bugs and potential problems. This static source code analysis tool requires a certain amount of configuration before you can use it productively. There are versions for a number of operating systems, including Windows, Linux and other Unix systems.

Ftncheck (Fortran)

ftncheck, a static source code analysis utility, checks your Fortran programs for semantic errors, leaks and potential bugs. For example, you can use ftncheck to scan your program for the use of uninitialized variables and undeclared variables. Source code and binaries for Windows, Mac OS X, Linux and Sun Solaris are available.

Jlint: Java Program Checker (Java)

Like the lint utility which checks C programs, jlint is a static source code analysis tool that scrutinizes your Java source code for "bugs, inconsistencies and synchronization problems". The source code is available under the GNU General Public License. Precompiled binaries for Windows are available.

Related Pages

Newest Pages

Popular Pages

How to Link to This Page

It will appear on your page as:

Free Static Code Analyzers (Static Source Code Analysis Tools/Lint) Free Webmaster Tutorials, Scripts and Articles Free How-To Guides Free Programmers, Webmasters and Security Resources
If you find this site useful, please link to us.