Geek Answers Handbook

Static Analysis API?

I'm interested in the static analysis tools that are. Rather, an API that is supported to allow me to write my own tools using these APIs. Over the past years, I have written dozens of my current classes that have carefully analyzed our source code (C ++) for various things. But one thing I want to know is the other available static analysis API. So

My question

  • What static analysis API are you using?
  • Why are you using it?
  • What is one thing you wrote with her?

As for me, my answers are:

What: I use the API to understand 4 C ++.

Why: I use it because:

  • The C API for it is a single header file (very small)
  • API C almost does not require memory management
  • I wrote a managed wrapper around it, so I can use C # with it!
  • The API is very small, but powerful in finding various things.

One tool: Well, last week I wrote a tool for a virtual function in a base class, and then for changing accessibility and all virtual overrides on derived classes. It would take me a week to do this manually. Using a tool that took me a very short time, I was able to change almost a thousand files with the click of a button. cool

Note: I also played with the C ++ code model, which is available in Visual Studio, and was successful at writing macros to target it.

Thank you and I look forward to any of your answers.

+4
source share
4 answers

Our DMS Software Reengineering Toolkit is a commercially available, versatile source code parsing / analysis / conversion tool for many languages, including C, C ++, C #, Java, COBOL, ...

It uses explicit langauge definitions (such as BNF) to control parsing machines to directly create AST; DMS supports several dialects for some languages. There are built-in analyzers to support the construction of symbol tables, management and anlaysis data flow, point analysis, character range analysis ...

For C, Java, and COBOL, the built-in analysis engine is tied to language definitions, so you can use these parsers as the basis for user analysis that you might want to build. C ++ has symbol tables, but is not yet bound to other internal analyzers, but there are mechanisms.

DMS also provides procedural transformations of the source and source, due to the results of the analysis, on top of all this; modified AST can be beautiful for the regeneration of a compiled source complete with original comments.

Your three questions:

1. What static analysis API are you using?

  • DMS + APIs described above.
  • You can use the transformational aspect for dynamic analysis.

2. Why are you using it?

  • Mainly to support the creation of custom tools. It's amazing how many different questions people have about code, and how many ways they want to change a large application.

3. What is one thing you wrote with her?

  • B-2 Stealth Bomber JOVIAL-to-C Translator (seriously, see website).
  • Retrieving the IBM mainframe application architecture.
  • Automatic restructuring of components in C ++.
  • Clone Detection.
  • Coating Testing and Shapers
  • Smart differencer
  • (see website for a more detailed list)
+2
source

clang is trying to provide a useful set of libraries for static analysis of its supported languages. Unfortunately, although its C support is pretty good, its C ++ support is currently pretty incomplete. (Clang C ++ support is now mature and even many C ++ 11 features work)

Why use it? This is a full-blown compiler, so you can get the full visibility of the code you work with. The APIs (at least mostly) are pretty nicely designed with C ++.

I have not written anything serious with him. I am currently working on a tool that uses the Index library to find headers that are included but never referenced, but it has not yet been completed (and perhaps never will be - I only intended to do this as an excuse for learning, not really useful tool).

+6
source

Our tool, called CodeSonar , is a commercial advanced static analysis tool for C / C ++ programs. It offers several APIs that can be used to extend its functionality. Please note that it is intended for analysis and not for software transformations.

There are APIs (both in C and in the Scheme) that allow access to software AST (which contain symbol tables), CFG for each subprogram, call graph of the entire program, compilation units, include files, etc. All these representations are interconnected with location information, so you can return to the line of the responsible code.

The analysis engine visits all of these data structures, and the user can write a checker specifying a callback to call during the visit.

CodeSonar is a path dependent analysis tool. The study of the path is difficult because some paths are not feasible, and the exclusion of them from consideration requires some effort. It is important to eliminate invalid paths in order to support false positives. CodeSonar allows users to piggyback their trajectory, again using a visitor template that allows them to write path-sensitive control parameters without having to research the potential path themselves.

This mechanism has been used to implement validation, which finds deviations from the rather complex idiom of error messages.

Another way to write checks is to use a special special-purpose API, the purpose of which should not be met, but to train the analysis mechanism about the properties of the program. Roughly speaking, you can use this API to write code that is similar to what you write to dynamically check a property, but which is โ€œinterpretedโ€ instead using a symbolic execution mechanism. You can decorate your own code with calls to this API or leave everything aside.

Many of CodeSonar's built-in checkers for using the API are specified in this way.

Written checks are only half the battle. When you have a supervisor in production, you need a way to manage what he finds. All the mechanisms described above generate reports that populate the database, and there is a web-based user interface for viewing results, adding notes, integrating with other tools, etc.

Hope this helps!

+4
source

NDepend is a .NET static analyzer that comes with the full NDepend.API for writing your own static analyzer.

Disclaimer: I am one of the developers of this tool

NDepend.API supports LINQ. Over 200 code rules . They are based on LINQ queries over NDepend.API, what we call CQLinq . These code rules cover a wide range of needs (API, evolution / diff, naming, architecture / design, metric / code quality, dead code, code coverage, OOP ...). You can adapt them to your needs and create your own ones.

14 Open Source Power Tools at NDepend.API. Power tools are actually custom static analyzers . Here you can also adapt them or create your own. If you download the NDepend bit, the source code for these Power Tools is in the VisualStudio solution: $ NDependInstallPath $ \ nDepend.PowerTools.SourceCode \ NDepend.PowerTools.sln

NDepend Power Tools List

+2
source

More articles:


All Articles