Static code analysis

Jens Nordahl

On a large scale C++ project we are considering making a static code
analysis tool capable of giving answers to high level questions like
(examples):

- Which entry points on this layer in the software can result in
calls to a given function on a lower layer

- Which tables in a database can be updated by executing from a given entry
point in a given layer

- Which business logic classes are used from both of two given entry points
in a given layer

- etc...

What we plan to do is to make our compiler (or some other standard tool)
generate source browser info or something similar, post process this source
browser info into a call graph, and make a query tool capable of analyzing
the call graph according to user queries and thus provide answers to
questions like those listed above.

Some things we would have to take into account are

- Parts of the application are table driven (i.e. which function to call
depends on circumstances looked up in configuration tables). To cater for
this, we might extend the call graph with arcs corresponding to the
information in the configuration tables.

- Polymorphism: The call graph must deal with polymorphism in a way that
makes sense in our application - this means that for each virtual function
in a base class, the call graph should contain an arc from that function to
any overrides in base classes. Otherwise we would not be able to track a
call through a base class pointer to the implementation in a derived class.

- The tool is for internal use only, so it does not need to be slick in any
sense, but it is a must that we can trust the results produced.


My questions are:

- Can any existing tools make analyses like this? (Bear in mind that such a
tool would have to be configurable and extensible to take into account the
way our application is structured, e.g. that parts of our application are
table driven.)

- Is it possible to make such a tool work in the real world at all? There
might be fundamental problems we haven't thought of, e.g. algorithmic
complexity.

- Anyone with experience making or using a similar tool?


Thanks
Jens
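
The plan described in the post above, sketched as an added example that is not part of the thread: a call graph built from direct call arcs plus extra arcs for virtual overrides and configuration-table dispatch, with the three example queries run as breadth-first walks (linear in the number of functions and arcs). All function, class and table names are hypothetical, constructed sample data.

```python
from collections import defaultdict, deque

def walk(start, edges):
    seen, todo = {start}, deque([start])
    while todo:                    # BFS, O(nodes + arcs); cycles terminate
        for nxt in edges.get(todo.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

class CallGraph:
    def __init__(self, *arc_lists):
        self.succ, self.pred = defaultdict(set), defaultdict(set)
        for caller, callee in (arc for arcs in arc_lists for arc in arcs):
            self.succ[caller].add(callee)
            self.pred[callee].add(caller)

    def entries_reaching(self, target, entries):
        callers = walk(target, self.pred)        # follow arcs backwards
        return sorted(e for e in entries if e in callers)

    def tables_updated(self, entry, writes):
        hit = walk(entry, self.succ)
        return sorted({t for f in hit for t in writes.get(f, ())})

    def shared_classes(self, a, b, layer):
        cls = lambda e: {f.split("::")[0] for f in walk(e, self.succ)}
        return sorted(cls(a) & cls(b) & layer)

# Constructed sample data; every name below is hypothetical.
DIRECT = [("Api::createOrder", "OrderLogic::place"),
          ("Api::cancelOrder", "OrderLogic::cancel"),
          ("OrderLogic::place", "Pricing::quote"),
          ("OrderLogic::cancel", "Pricing::quote"),
          ("OrderLogic::place", "Handler::run"),      # call via base pointer
          ("AuditHandler::run", "Db::insertAudit"),
          ("RefundJob::execute", "Db::updateRefund")]
VIRTUAL = [("Handler::run", "AuditHandler::run")]     # base -> override arc
TABLE = [("OrderLogic::cancel", "RefundJob::execute")]  # from config table
WRITES = {"Db::insertAudit": ["audit_log"], "Db::updateRefund": ["refunds"]}
ENTRIES = ["Api::createOrder", "Api::cancelOrder"]
LOGIC = {"OrderLogic", "Pricing"}                     # business logic layer

if __name__ == "__main__":
    g = CallGraph(DIRECT, VIRTUAL, TABLE)
    print(g.entries_reaching("Db::insertAudit", ENTRIES))
    print(g.tables_updated("Api::cancelOrder", WRITES))
    print(g.shared_classes("Api::createOrder", "Api::cancelOrder", LOGIC))
    print(CallGraph(DIRECT).entries_reaching("Db::insertAudit", ENTRIES))
```

The last query runs on the direct arcs alone and returns nothing, which is the trust problem the post raises: an omitted virtual or table arc produces a silently incomplete answer, not an error.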
 
Claudio Puviani

SourceNavigator does a respectable job, but obviously, it doesn't try to make
guesses about table-driven applications. It's open source, so you're free to
adapt it, but be aware that doing so (or writing your own) is probably a bigger
project than whatever you plan to document.

Details about SourceNavigator can be found on the web or possibly in one of the
Red Hat newsgroups. Unfortunately, it is off-topic for comp.lang.c++.

Claudio Puviani
 
