
Developing a static source code analysis tool for a proprietary API?

There is a proprietary API that is built on top of C++. So it uses all the features of C++ and then has its own APIs. There are some APIs that function exactly the same as the C++ APIs (like for malloc there is Stralloc); these APIs are provided for performance reasons.

Though there are many static code analyzers available for C++, we cannot use any of them. There is a need to have a static code analyzer which could be run on the code with proprietary APIs.

I would like to know how I begin developing the code analyzer. It need not be very feature-oriented like the ones available for C++. I want to start with basic stuff like reporting unused variables, buffer overflows and memory leaks.

Any guidance will be appreciated.

[UPDATE] I found the following question, which is what I was looking for; the only difference is that instead of Java my concern is proprietary APIs. So far I have got a couple of good answers, but I would really like to know more from people who have been through this kind of development.

Introduction to Static Analysis

I'm confused:

Is this a language implementation on top of C++ or just a set of APIs on top of C++?

If the latter, any normal C++ profiler will capture things like memory leaks and overflows.

Solutions like Coverity and Klocwork have an extensible rule set where you can write your own rules. You can also configure the tool so that their standard memory checks understand custom memory allocators. Some limitations apply though.

It's useful to use these tools because then you can borrow the same workflow. Again, it depends on what code you have and what exactly you are looking to do.
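As an added illustration of the point about teaching an analyzer's standard memory checks about custom allocators: the Python below is example code written for this page, not part of any answer and not Coverity's or Klocwork's own mechanism. It takes a table of allocator/deallocator pairs as its configuration and, run over a constructed C snippet, flags a Stralloc buffer that is never released and one that is released with the wrong deallocator. Strfree is a hypothetical name for Stralloc's counterpart (the question mentions only Stralloc). The checker works on a regex and brace-matched view of the text rather than a real C++ parse, which is exactly the limitation the later answers warn about, so it demonstrates the configuration idea, not a substitute for a proper front end.

```python
import re
from typing import Dict, List, Optional, Tuple

# Configuration: each allocator and the deallocator that must release its result.
# malloc/free is the standard pair; Stralloc/Strfree stands in for the
# proprietary API. Strfree is a hypothetical name chosen for this example.
ALLOCATOR_PAIRS: Dict[str, str] = {
    "malloc": "free",
    "Stralloc": "Strfree",
}

# Constructed sample input (not real project code).
SAMPLE_SOURCE = r"""
char *copy_name(const char *in) {
    char *buf = (char *)Stralloc(64);
    snprintf(buf, 64, "%s", in);
    return buf;                      /* ownership leaves the function */
}

int leaky(void) {
    char *tmp = (char *)Stralloc(128);
    int *nums = (int *)malloc(4 * sizeof(int));
    if (nums == NULL) {
        return -1;
    }
    free(nums);
    return 0;                        /* tmp is never released */
}

void mismatched(void) {
    char *s = Stralloc(16);
    free(s);                         /* wrong deallocator for a Stralloc buffer */
}
"""

_HEADER = re.compile(r"(\w+)\s*\([^;{}]*\)\s*\{")


def split_functions(src: str) -> List[Tuple[str, str]]:
    """Return (name, body) pairs found by brace matching.

    Deliberately naive: it ignores strings, comments, templates and
    preprocessor tricks, which is why a real tool needs a C++ front end.
    """
    functions, pos = [], 0
    while True:
        m = _HEADER.search(src, pos)
        if not m:
            return functions
        depth, i = 0, m.end() - 1          # index of the opening brace
        while i < len(src):
            if src[i] == "{":
                depth += 1
            elif src[i] == "}":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        functions.append((m.group(1), src[m.end():i]))
        pos = i + 1                        # resume scanning after this body


def _call_on(func: str, var: str, body: str) -> bool:
    """True if the body contains a call of the form func(var)."""
    pattern = rf"\b{re.escape(func)}\s*\(\s*{re.escape(var)}\s*\)"
    return re.search(pattern, body) is not None


def check_function(name: str, body: str, pairs: Dict[str, str]) -> List[str]:
    """Flow-insensitive ownership check for one function body."""
    names = "|".join(map(re.escape, pairs))
    # Matches "var = (cast)Alloc(" and "var = Alloc(".
    alloc_re = re.compile(rf"(\w+)\s*=\s*(?:\([^)]*\)\s*)?({names})\s*\(")
    findings = []
    for m in alloc_re.finditer(body):
        var, allocator = m.group(1), m.group(2)
        expected = pairs[allocator]
        # A release through any other configured deallocator is a mismatch.
        wrong: Optional[str] = next(
            (d for d in pairs.values() if d != expected and _call_on(d, var, body)),
            None,
        )
        if wrong is not None:
            findings.append(
                f"{name}: '{var}' from {allocator}() is released with {wrong}() instead of {expected}()"
            )
        elif not _call_on(expected, var, body) and not re.search(
            rf"\breturn\s+{re.escape(var)}\s*;", body
        ):
            findings.append(f"{name}: '{var}' from {allocator}() is never released")
    return findings


def analyze(src: str, pairs: Dict[str, str] = ALLOCATOR_PAIRS) -> List[str]:
    """Run the check over every function found in src and collect the findings."""
    findings: List[str] = []
    for name, body in split_functions(src):
        findings.extend(check_function(name, body, pairs))
    return findings


if __name__ == "__main__":
    for line in analyze(SAMPLE_SOURCE):
        print(line)
```

Running `analyze(SAMPLE_SOURCE)` with only the standard `{"malloc": "free"}` pair returns nothing, because Stralloc is then just another opaque call; adding the Stralloc/Strfree row is what makes the leak and the mismatched release visible. That is the whole of what "configure the tool so its memory checks understand custom allocators" buys you, and it is why the pairing table, not the checker, is the part worth keeping.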

Do not try to write this from scratch. C++ is notoriously difficult to even parse, and I don't think you'd get far on this route.

You should use an extensible C++ static analyser, so that you can write your own plugins to analyse your library calls. Off the top of my head, I would suggest:

  • The gcc C++ front-end (gcc now has plugins)
  • The EDG C++ parser
  • Rose (uses EDG)
  • LLVM (perhaps using clang, but it might not be ready for primetime)
  • Microsoft's Phoenix Framework (I assume it can do this, I have not checked).

The best answer is likely clang or rose.

Parsing C++ is very hard in practice. If you have a C++ extended dialect, you need a full C++ parser that is "easily" bent to your dialect, and has means to build analysis tools.

The DMS Software Reengineering Toolkit is fully customizable generic analysis and transformation infrastructure, providing general parsing, tree building, symbol table construction and flow analysis capabilities. It is used to build fully custom analyzers.

It has a C++ Front End that handles several standard dialects of C++, and can be customized to handle other extensions. The C++ front end has full preprocessor capabilities, parses and builds ASTs, and does full C++ name and type analysis.
