Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C++ > Static code analysis

Reply
Thread Tools

Static code analysis

 
 
Jens Nordahl
Guest
Posts: n/a
 
      04-22-2004

On a large scale C++ project we are considering to make a static code
analysis tool capable of giving answers to high level questions like
(examples):

- Which entry points on this layer in the software can result in
calls to a given function on a lower layer

- Which tables in a database can be updated by executing from a given entry
point in a given layer

- Which business logic classes are used from both of two given entry points
in a given layer

- etc...

What we plan to do is to make our compiler (or some other standard tool)
generate source browser info or something similar, post process this source
browser info into a call graph, and make a query tool capable of analyzing
the call graph according to user queries and thus provide answers to
questions like those listed above.

Some things we would have to take into account are

- Parts of the application are table driven (ie. which function to call is
depending on circumstances looked up in configuration tables). To cater for
this, we might extend the call graph with arcs corresponding to the
information in the configuration tables.

- Polymorphism: The call graph must deal with polymorphism in a way that
makes sense in our application - this means that for each virtual function
in a base class, the call graph should contain an arc from that function to
any overrides in base classes. Otherwise we would not be able to track a
call through a base class pointer to the implementation in a derived class.

- The tool is for internal use only, so it does not need to be slick in any
sense, but it is a must that we can trust the results produced.


My questions are:

- Can any existing tools make analyses like this? (Bear in mind that such a
tool would have to be configurable and extensible to take into account the
way our application is structured, eg. that parts of our application is
table driven.)

- Is it possible to make such a tool work in the real world at all? There
might be fundamental problem we havent thought of like eg. algorithmic
complexity.

- Anyone with experiences with making or using a similar tool?


Thanks
Jens


--
Jens Nordahl
Remove these characters for sending mail: r, t, c, f, s and m
 
Reply With Quote
 
 
 
 
Claudio Puviani
Guest
Posts: n/a
 
      04-22-2004
"Jens Nordahl" <(E-Mail Removed)> wrote
>
> On a large scale C++ project we are considering to make a static code
> analysis tool capable of giving answers to high level questions like
> (examples):
>
> - Which entry points on this layer in the software can result in
> calls to a given function on a lower layer
>
> - Which tables in a database can be updated by executing from a given entry
> point in a given layer
>
> - Which business logic classes are used from both of two given entry points
> in a given layer
>
> - etc...
>
> What we plan to do is to make our compiler (or some other standard tool)
> generate source browser info or something similar, post process this source
> browser info into a call graph, and make a query tool capable of analyzing
> the call graph according to user queries and thus provide answers to
> questions like those listed above.
>
> Some things we would have to take into account are
>
> - Parts of the application are table driven (ie. which function to call is
> depending on circumstances looked up in configuration tables). To cater for
> this, we might extend the call graph with arcs corresponding to the
> information in the configuration tables.
>
> - Polymorphism: The call graph must deal with polymorphism in a way that
> makes sense in our application - this means that for each virtual function
> in a base class, the call graph should contain an arc from that function to
> any overrides in base classes. Otherwise we would not be able to track a
> call through a base class pointer to the implementation in a derived class.
>
> - The tool is for internal use only, so it does not need to be slick in any
> sense, but it is a must that we can trust the results produced.
>
>
> My questions are:
>
> - Can any existing tools make analyses like this? (Bear in mind that such a
> tool would have to be configurable and extensible to take into account the
> way our application is structured, eg. that parts of our application is
> table driven.)
>
> - Is it possible to make such a tool work in the real world at all? There
> might be fundamental problem we havent thought of like eg. algorithmic
> complexity.
>
> - Anyone with experiences with making or using a similar tool?


SourceNavigator does a respectable job, but obviously, it doesn't try to make
guesses about table-driven applications. It's open source, so you're free to
adapt it, but be aware that doing so (or writing your own) is probably a bigger
project than whatever you plan to document.

Details about SourceNavigator can be found on the web or possibly in one of the
Red Hat newsgroups. Unfortunately, it is off-topic for comp.lang.c++.

Claudio Puviani


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: any (preferably open source) static analysis tool or methodologies/studiesto translate ANSI [C|C++] or java code to XML? Joe Kesselman XML 0 09-28-2011 04:55 AM
Evaluating static analysis and Dynamic analysis tools for C/C++ ssubbarayan C Programming 5 11-03-2009 12:50 AM
Static Java Code Analysis kramer31 Java 3 02-21-2009 02:20 AM
A method of static code analysis Logan Lee C Programming 5 12-24-2007 01:57 PM
Static Code Analysis Tools Don C Programming 1 07-25-2003 05:28 PM



Advertisments