views: 210

answers: 4

There is a proprietary API that is built on top of C++. So it uses all the features of C++ and then has its own APIs. Some of these APIs function exactly the same as a C++ API (for example, instead of malloc there is Stralloc); these APIs are provided for performance reasons.

Though there are many static code analyzers available for C++, we cannot use any of them. There is a need to have a static code analyzer which could be run on the code with proprietary APIs.

I would like to know how to begin developing the code analyzer. It need not be as feature-oriented as the ones available for C++. I want to start with basic stuff like reporting unused variables, buffer overflows and memory leaks.

Any guidance will be appreciated.

[UPDATE] I found the following question, which is what I was looking for; the only difference is that, instead of Java, my concern is proprietary APIs. So far I have got a couple of good answers, but I would really like to know more from people who have been through this kind of development.

Introduction to Static Analysis

+2  A: 

I'm confused:

Is this a language implementation on top of C++ or just a set of APIs on top of C++?

If the latter, any normal C++ profiler will capture things like memory leaks and overflows.

thedz

But surely such a profiler will be confused with things like boost::bind, signals, and other constructs which add non-imperative paradigms to C++.
EFraim

Like I mentioned, there are APIs which are used in place of C++ APIs. For example, instead of using free(), the Strfree() API is used, which is exactly the same as free() but is used for performance reasons. So any normal C++ analyzer cannot recognize this.
+1  A: 

Do not try to write this from scratch. C++ is notoriously difficult to even parse, and I don't think you'd get far on this route.

You should use an extendible C++ static analyser, so that you can write your own plugins to analyse your library calls. Off the top of my head, I would suggest:

  • The gcc C++ front-end (gcc now has plugins)
  • The EDG C++ parser
  • Rose (uses EDG)
  • LLVM (perhaps using clang, but it might not be ready for primetime)
  • Microsoft's Phoenix Framework (I assume it can do this, I have not checked).

The best answer is likely clang or rose.

Paul Biggar
+2  A: 

Solutions like Coverity and Klocwork have an extensible rule set where you can write your own rules. You can also configure the tool so that their standard memory checks understand custom memory allocators. Some limitations apply though.

It's useful to use these tools because then you can borrow from the same workflow. Again, it depends on what code you have and what exactly you are looking to do.

Yes, it’s better to use an existing tool than reinvent the wheel. Coverity’s documentation isn’t publicly available, but Klocwork’s is; see <http://docs.klocwork.com/documentation/Tuning_C/C%2B%2B_analysis_through_knowledge_bases#Using_the_conditional_ALLOC_record> for an example of creating a knowledge base entry for a function that behaves like malloc. (Though if your source code ultimately calls malloc, you might not even need to do this; Klocwork might figure it out for itself.)
Flash Sheridan
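One concrete way to follow the advice in these two answers (use clang rather than writing a parser, and teach an existing checker about the proprietary allocator instead of a custom rule from scratch) is to annotate the allocator and deallocator declarations so that Clang's malloc checker tracks Stralloc/Strfree exactly as it tracks malloc/free. This is an added example, not code from the question or from any of the answers; Stralloc and Strfree here are constructed stand-ins that forward to malloc/free, and the checker's exact package name (`unix.MallocWithAnnotations` versus `alpha.unix.MallocWithAnnotations`) is an assumption that depends on the Clang release.

```cpp
#include <cstdlib>
#include <cstring>

// Assumption: the real Stralloc/Strfree are proprietary; these stand-ins are
// constructed for this example and simply forward to malloc/free.
// The ownership_* attributes are what tell Clang's annotation-aware malloc
// checker that Stralloc returns owned memory and that Strfree releases the
// memory passed as its first argument. Other compilers see empty macros.
#if defined(__clang__)
#define STR_ALLOC_ATTR __attribute__((ownership_returns(malloc)))
#define STR_FREE_ATTR  __attribute__((ownership_takes(malloc, 1)))
#else
#define STR_ALLOC_ATTR
#define STR_FREE_ATTR
#endif

STR_ALLOC_ATTR
char *Stralloc(size_t n) { return static_cast<char *>(std::malloc(n)); }

STR_FREE_ATTR
void Strfree(char *p) { std::free(p); }

// Upper-cases s into a temporary Stralloc'd buffer, returns how many
// characters changed, and releases the buffer on every path.
// With the annotations above in place, deleting the Strfree() call makes
// `clang --analyze` (with the MallocWithAnnotations checker enabled) report
// a leak of the Stralloc() result; without them the analyzer only sees an
// opaque function call and stays silent, which is the gap the question is about.
int count_lowercase_via_temp(const char *s) {
    size_t len = std::strlen(s);
    char *tmp = Stralloc(len + 1);
    if (tmp == nullptr)
        return -1;  // allocation failure: nothing was acquired, nothing to free
    int changed = 0;
    for (size_t i = 0; i <= len; ++i) {  // <= copies the terminating NUL too
        char c = s[i];
        if (c >= 'a' && c <= 'z') {
            c = static_cast<char>(c - 'a' + 'A');
            ++changed;
        }
        tmp[i] = c;
    }
    Strfree(tmp);  // the annotated release the checker is waiting for
    return changed;
}
```

Running `clang --analyze -Xanalyzer -analyzer-checker=unix.MallocWithAnnotations file.cpp` (package name per your Clang version) over this file is the equivalent of the Klocwork knowledge-base entry mentioned above: the analyzer's existing leak, double-free and use-after-free logic is reused, and only the allocator mapping is supplied by you.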
+1  A: 

Parsing C++ is very hard in practice. If you have a C++ extended dialect, you need a full C++ parser that is "easily" bent to your dialect, and has means to build analysis tools.

The DMS Software Reengineering Toolkit is a fully customizable, generic analysis and transformation infrastructure, providing general parsing, tree building, symbol table construction and flow analysis capabilities. It is used to build fully custom analyzers.

It has a C++ Front End that handles several standard dialects of C++, and can be customized to handle other extensions. The C++ front end has full preprocessor capabilities, parses and builds ASTs, and does full C++ name and type analysis.

Ira Baxter