Static code analysis

Discussion in 'C++' started by Jens Nordahl, Apr 22, 2004.

  1. Jens Nordahl

    Jens Nordahl Guest

    On a large scale C++ project we are considering to make a static code
    analysis tool capable of giving answers to high level questions like
    (examples):

    - Which entry points on this layer in the software can result in
    calls to a given function on a lower layer

    - Which tables in a database can be updated by executing from a given entry
    point in a given layer

    - Which business logic classes are used from both of two given entry points
    in a given layer

    - etc...

    What we plan to do is to make our compiler (or some other standard tool)
    generate source browser info or something similar, post process this source
    browser info into a call graph, and make a query tool capable of analyzing
    the call graph according to user queries and thus provide answers to
    questions like those listed above.

    Some things we would have to take into account are

    - Parts of the application are table driven (ie. which function to call is
    depending on circumstances looked up in configuration tables). To cater for
    this, we might extend the call graph with arcs corresponding to the
    information in the configuration tables.

    - Polymorphism: The call graph must deal with polymorphism in a way that
    makes sense in our application - this means that for each virtual function
    in a base class, the call graph should contain an arc from that function to
    any overrides in base classes. Otherwise we would not be able to track a
    call through a base class pointer to the implementation in a derived class.

    - The tool is for internal use only, so it does not need to be slick in any
    sense, but it is a must that we can trust the results produced.


    My questions are:

    - Can any existing tools make analyses like this? (Bear in mind that such a
    tool would have to be configurable and extensible to take into account the
    way our application is structured, eg. that parts of our application is
    table driven.)

    - Is it possible to make such a tool work in the real world at all? There
    might be fundamental problem we havent thought of like eg. algorithmic
    complexity.

    - Anyone with experiences with making or using a similar tool?


    Thanks
    Jens


    --
    Jens Nordahl
    Remove these characters for sending mail: r, t, c, f, s and m
     
    Jens Nordahl, Apr 22, 2004
    #1
    1. Advertising

  2. "Jens Nordahl" <> wrote
    >
    > On a large scale C++ project we are considering to make a static code
    > analysis tool capable of giving answers to high level questions like
    > (examples):
    >
    > - Which entry points on this layer in the software can result in
    > calls to a given function on a lower layer
    >
    > - Which tables in a database can be updated by executing from a given entry
    > point in a given layer
    >
    > - Which business logic classes are used from both of two given entry points
    > in a given layer
    >
    > - etc...
    >
    > What we plan to do is to make our compiler (or some other standard tool)
    > generate source browser info or something similar, post process this source
    > browser info into a call graph, and make a query tool capable of analyzing
    > the call graph according to user queries and thus provide answers to
    > questions like those listed above.
    >
    > Some things we would have to take into account are
    >
    > - Parts of the application are table driven (ie. which function to call is
    > depending on circumstances looked up in configuration tables). To cater for
    > this, we might extend the call graph with arcs corresponding to the
    > information in the configuration tables.
    >
    > - Polymorphism: The call graph must deal with polymorphism in a way that
    > makes sense in our application - this means that for each virtual function
    > in a base class, the call graph should contain an arc from that function to
    > any overrides in base classes. Otherwise we would not be able to track a
    > call through a base class pointer to the implementation in a derived class.
    >
    > - The tool is for internal use only, so it does not need to be slick in any
    > sense, but it is a must that we can trust the results produced.
    >
    >
    > My questions are:
    >
    > - Can any existing tools make analyses like this? (Bear in mind that such a
    > tool would have to be configurable and extensible to take into account the
    > way our application is structured, eg. that parts of our application is
    > table driven.)
    >
    > - Is it possible to make such a tool work in the real world at all? There
    > might be fundamental problem we havent thought of like eg. algorithmic
    > complexity.
    >
    > - Anyone with experiences with making or using a similar tool?


    SourceNavigator does a respectable job, but obviously, it doesn't try to make
    guesses about table-driven applications. It's open source, so you're free to
    adapt it, but be aware that doing so (or writing your own) is probably a bigger
    project than whatever you plan to document.

    Details about SourceNavigator can be found on the web or possibly in one of the
    Red Hat newsgroups. Unfortunately, it is off-topic for comp.lang.c++.

    Claudio Puviani
     
    Claudio Puviani, Apr 22, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Don

    Static Code Analysis Tools

    Don, Jul 25, 2003, in forum: C Programming
    Replies:
    1
    Views:
    380
    Eric Sosman
    Jul 25, 2003
  2. Logan Lee

    A method of static code analysis

    Logan Lee, Dec 24, 2007, in forum: C Programming
    Replies:
    5
    Views:
    290
    Mark McIntyre
    Dec 24, 2007
  3. kramer31

    Static Java Code Analysis

    kramer31, Feb 20, 2009, in forum: Java
    Replies:
    3
    Views:
    580
    Joshua Cranmer
    Feb 21, 2009
  4. ssubbarayan
    Replies:
    5
    Views:
    2,336
    Dave Hansen
    Nov 3, 2009
  5. Hubert ÅÄ™picki

    Static code analysis in Ruby 1.9

    Hubert ÅÄ™picki, Aug 23, 2010, in forum: Ruby
    Replies:
    5
    Views:
    166
    Michel Demazure
    Aug 24, 2010
Loading...

Share This Page