Secure coding tools

From Simson Garfinkel
(Redirected from Formal Verification)
Jump to navigationJump to search


  • Clang Thread Safety Analysis
  • Rosecheckers – perform static analysis on C/C++ source
  • Compiler-Enforced Buffer Overflow Elimination


  • DidFail – uses static analysis to detect potential leaks – Android

See also:

Formal Verification Tools

CompCert is a formally verified optimizing C compiler. "On typical embedded processors, code generated by CompCert typi­cally runs twice as fast as code generated by GCC without optimizations, and only 20% slower than GCC code at optimization level 3. Details about the benchmark mix used to obtain these numbers are avail­able on request."

CompCert is free for non-commercial use.

Optimization Based on Undefined Behavior

  • Undefined Behavior: What Happened to my Code?, Xi Wang, Haogang Chen, Alvin Cheung, Zhihao Jia, Nickolai Zeldovich, M. Frans Kaashoek, APSys ’12, July 23–24, 2012, Seoul, S. Korea, Copyright 2012 ACM 978-1-4503-1669-9/12/07