Jens Nordahl
On a large-scale C++ project we are considering making a static code
analysis tool capable of giving answers to high level questions like
(examples):
- Which entry points on this layer in the software can result in
calls to a given function on a lower layer
- Which tables in a database can be updated by executing from a given entry
point in a given layer
- Which business logic classes are used from both of two given entry points
in a given layer
- etc...
What we plan to do is to make our compiler (or some other standard tool)
generate source browser info or something similar, post process this source
browser info into a call graph, and make a query tool capable of analyzing
the call graph according to user queries and thus provide answers to
questions like those listed above.
Some things we would have to take into account are
- Parts of the application are table driven (i.e. which function to call
depends on circumstances looked up in configuration tables). To cater for
this, we might extend the call graph with arcs corresponding to the
information in the configuration tables.
- Polymorphism: The call graph must deal with polymorphism in a way that
makes sense in our application - this means that for each virtual function
in a base class, the call graph should contain an arc from that function to
any overrides in base classes. Otherwise we would not be able to track a
call through a base class pointer to the implementation in a derived class.
- The tool is for internal use only, so it does not need to be slick in any
sense, but it is a must that we can trust the results produced.
My questions are:
- Can any existing tools make analyses like this? (Bear in mind that such a
tool would have to be configurable and extensible to take into account the
way our application is structured, e.g. that parts of our application are
table driven.)
- Is it possible to make such a tool work in the real world at all? There
might be a fundamental problem we haven't thought of, e.g. algorithmic
complexity.
- Anyone with experiences with making or using a similar tool?
Thanks
Jens
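
Added example, not part of the original post: a minimal sketch of the query step described above, where the call graph is extended with arcs from a virtual function to its overrides and with arcs taken from configuration tables before reachability queries are run. All function names, table names and edge data are constructed for illustration, and the third query works on functions rather than classes.

```python
from collections import defaultdict, deque

# Constructed sample data; every name below is hypothetical.
DIRECT_CALLS = [
    ("ui::SubmitOrder", "OrderService::place"),
    ("ui::ShowReport", "ReportService::run"),
    ("OrderService::place", "Pricing::quote"),      # call through a base pointer
    ("OrderService::place", "Dispatcher::invoke"),  # table-driven call site
    ("ReportService::run", "Db::readOrders"),
    ("DiscountPricing::quote", "Db::readOrders"),
    ("AuditHandler::handle", "Db::writeAudit"),
]
OVERRIDES = [("Pricing::quote", "DiscountPricing::quote")]       # virtual -> override
CONFIG_TABLE = [("Dispatcher::invoke", "AuditHandler::handle")]  # rows from config
TABLE_WRITES = {"Db::writeAudit": {"AUDIT_LOG"}}  # function -> tables it updates
ENTRY_POINTS = {"ui::SubmitOrder", "ui::ShowReport"}

def build_graph(*edge_lists):
    """Merge any number of (caller, callee) arc lists into one adjacency map."""
    graph = defaultdict(set)
    for edges in edge_lists:
        for caller, callee in edges:
            graph[caller].add(callee)
    return graph

def reachable(graph, start):
    """Breadth-first search: every node reachable from start, start included."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in graph.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def entry_points_reaching(graph, target):
    """Which entry points can result in a call to target?"""
    return {e for e in ENTRY_POINTS if target in reachable(graph, e)}

def tables_updated_from(graph, entry):
    """Which database tables can be updated when executing from entry?"""
    return set().union(*(TABLE_WRITES.get(f, set()) for f in reachable(graph, entry)))

def shared_functions(graph, a, b):
    """Which functions are reachable from both entry points a and b?"""
    return (reachable(graph, a) & reachable(graph, b)) - {a, b}

GRAPH = build_graph(DIRECT_CALLS, OVERRIDES, CONFIG_TABLE)
```

Each query is a single graph traversal, so its cost is linear in the number of nodes plus arcs. Building the graph from `DIRECT_CALLS` alone makes the `Db::writeAudit` query return no entry points, which is the kind of missed path the extra arcs are meant to prevent.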