Mandalika's scratchpad: 11.14

Mandalika's scratchpad

[ Work blog @Oracle | My Music Compositions ]

Old Posts: 09.04 10.04 11.04 12.04 01.05 02.05 03.05 04.05 05.05 06.05 07.05 08.05 09.05 10.05 11.05 12.05 01.06 02.06 03.06 04.06 05.06 06.06 07.06 08.06 09.06 10.06 11.06 12.06 01.07 02.07 03.07 04.07 05.07 06.07 08.07 09.07 10.07 11.07 12.07 01.08 02.08 03.08 04.08 05.08 06.08 07.08 08.08 09.08 10.08 11.08 12.08 01.09 02.09 03.09 04.09 05.09 06.09 07.09 08.09 09.09 10.09 11.09 12.09 01.10 02.10 03.10 04.10 05.10 06.10 07.10 08.10 09.10 10.10 11.10 12.10 01.11 02.11 03.11 04.11 05.11 07.11 08.11 09.11 10.11 11.11 12.11 01.12 02.12 03.12 04.12 05.12 06.12 07.12 08.12 09.12 10.12 11.12 12.12 01.13 02.13 03.13 04.13 05.13 06.13 07.13 08.13 09.13 10.13 11.13 12.13 01.14 02.14 03.14 04.14 05.14 06.14 07.14 09.14 10.14 11.14 12.14 01.15 02.15 03.15 04.15 06.15 09.15 12.15 01.16 03.16 04.16 05.16 06.16 07.16 08.16 09.16 12.16 01.17 02.17 03.17 04.17 06.17 07.17 08.17 09.17 10.17 12.17 01.18 02.18 03.18 04.18 05.18 06.18 07.18 08.18 09.18 11.18 12.18 01.19 02.19 05.19 06.19 08.19 10.19 11.19 05.20 10.20 11.20 12.20 09.21 11.21 12.22

Friday, November 28, 2014

Solaris Studio : C/C++ Static Code Analysis

First things first -- Oracle Solaris Studio 12.4 is now generally available. One of the key features of this release is the support for the latest industry standards including C++11, C11 and OpenMP 4.0. Check the Solaris Studio 12.4 Data Sheet before downloading the software from Oracle Technology Network.

Static Code Analysis

Code Analyzer tool in Oracle Solaris Studio compiler suite can analyze static data, dynamic memory access data, and code coverage data collected from binaries that were compiled with the C/C++ compilers in Solaris Studio 12.3 or later. Code Analyzer is supported on Solaris and Oracle Enterprise Linux.

Primary focus of this blog entry is the static code analysis.

Static code analysis is the process of detecting common programming errors in code during compilation. The static code checking component in Code Analyzer looks for potential errors such as accessing outside the bounds of the array, out of scope variable use, NULL pointer deferences, infinite loops, uninitialized variables, memory leaks and double frees. The following webpage in Solaris Studio 12.4: Code Analyzer User's Guide has the complete list of errors with examples.

Static Code Issues analyzed by Code Analyzer

High-level steps in using Code Analyzer for Static Code analysis

Given the enhancements and incremental improvements in analysis tools, Solaris Studio 12.4 is recommended for this exercise.

Collect static data

Compile [all source] and link with –xprevise=yes option.
- when using Solaris Studio 12.3 compilers, compile with -xanalyze=code option.
- Linux users: specify –xannotate option on compile/link line in addition to -xprevise=yes|-xanalyze=code.
During compilation, the C/C++ compiler extracts static errors automatically, and writes the error information to the sub-directory in <binary-name>.analyze directory.
Analyze the static data

Two options available to analyze and display the errors in a report format.
- 1) Code Analyzer GUI
- 2) codean command-line tool. Options

Example

The following example demonstrates the above steps using Solaris Studio 12.4 C compiler and codean command-line tool.

% cat someapp.c
#include <stdio.h>
#include <stdlib.h>

#define SIZE 3

int main() {

        int *arrX[SIZE];

        for (int i = 0; i < SIZE; ++i) {
                arrX[i] = calloc(1, sizeof(int));
                *arrX[i] = (i*5);
        }

        for (int i = 1; i <= SIZE; ++i) {
                printf("\narrX[%d] = %d", i, *arrX[i]);
                free(arrX);
        }

        return 0;
}

% cc -V
cc: Sun C 5.12 SunOS_sparc Patch 148917-08 2014/09/10

% cc -g -o someapp -xprevise=yes someapp.c

% codean -s someapp
STATIC report of someapp:
ERROR 1 (ABR): reading memory beyond array bounds: arrX[i] at:
        main()  
                12:                     *arrX[i] = (i*5);
                13:             }
                15:             for (int i = 1; i <= SIZE; ++i) {
                16:=>                   printf("\narrX[%d] = %d", i, *arrX[i]);
                17:                     free(arrX);
LEAK 1 : 1 block left allocated on heap with a total size of 1 byte
        main()  
                6:      int main() {
                8:              int *arrX[SIZE];
                10:             for (int i = 0; i < SIZE; ++i) {
                11:=>                   arrX[i] = calloc(1, sizeof(int));
                12:                     *arrX[i] = (i*5);
WARNING 1 (MRC): missing null-pointer check after malloc: calloc(1,4) at:
        main()  
                6:      int main() {
                8:              int *arrX[SIZE];
                10:             for (int i = 0; i < SIZE; ++i) {
                11:=>                   arrX[i] = calloc(1, sizeof(int));
                12:                     *arrX[i] = (i*5);
PREVISE SUMMARY for someapp: 1 error(s), 1 warning(s), 1 leak(s) in total

In addition to displaying plain text output on stdout, codean tool also saves the results in a HTML file in the same directory the executable resides.

% ls someapp*html
someapp.static.html

Few things to be aware of:

compilers may not be able to detect all of the static errors in target code especially if the errors are complex.
some errors depend on data that is available only at runtime -- perform dynamic analysis as well.
some errors are ambiguous, and also might not be actual errors -- expect few false-positives.

Reference & Recommended Reading:
Oracle Solaris Studio 12.4 Code Analyzer User's Guide

Labels: Oracle Solaris Studio C C++ Static Code Analysis Tool

Posted by: Giri Mandalika. # 12:34 AM 0 comments.

2004-2019