Mandalika's scratchpad
First things first -- Oracle Solaris Studio 12.4 is now generally available. One of the key features of this release is the support for the latest industry standards including C++11, C11 and OpenMP 4.0. Check the Solaris Studio 12.4 Data Sheet before downloading the software from Oracle Technology Network.
Static Code Analysis
The Code Analyzer tool in the Oracle Solaris Studio compiler suite can analyze static data, dynamic memory access data, and code coverage data collected from binaries that were compiled with the C/C++ compilers in Solaris Studio 12.3 or later. Code Analyzer is supported on Solaris and Oracle Enterprise Linux.
The primary focus of this blog entry is static code analysis.
Static code analysis is the process of detecting common programming errors in code during compilation. The static code checking component in Code Analyzer looks for potential errors such as accesses outside the bounds of an array, out-of-scope variable use, NULL pointer dereferences, infinite loops, uninitialized variables, memory leaks and double frees. The following webpage in Solaris Studio 12.4: Code Analyzer User's Guide has the complete list of errors with examples.
Static Code Issues analyzed by Code Analyzer
High-level steps in using Code Analyzer for Static Code analysis
Given the enhancements and incremental improvements in analysis tools, Solaris Studio 12.4 is recommended for this exercise.
Collect static data
Compile [all source] and link with -xprevise=yes option.
-xanalyze=code option.
-xannotate option on compile/link line in addition to -xprevise=yes|-xanalyze=code.
During compilation, the C/C++ compiler extracts static errors automatically, and writes the error information to the sub-directory in <binary-name>.analyze directory.
Analyze the static data
Two options are available to analyze and display the errors in a report format.
codean command-line tool. Options
Example
The following example demonstrates the above steps using Solaris Studio 12.4 C compiler and codean command-line tool.

    % cat someapp.c
    #include <stdio.h>
    #include <stdlib.h>

    #define SIZE 3

    int main() {

            int *arrX[SIZE];

            for (int i = 0; i < SIZE; ++i) {
                    arrX[i] = calloc(1, sizeof(int));
                    *arrX[i] = (i*5);
            }

            for (int i = 1; i <= SIZE; ++i) {
                    printf("\narrX[%d] = %d", i, *arrX[i]);
                    free(arrX);
            }

            return 0;
    }

    % cc -V
    cc: Sun C 5.12 SunOS_sparc Patch 148917-08 2014/09/10

    % cc -g -o someapp -xprevise=yes someapp.c

    % codean -s someapp
    STATIC report of someapp:
    ERROR 1 (ABR): reading memory beyond array bounds: arrX[i] at:
            main()
                    12:             *arrX[i] = (i*5);
                    13:     }
                    15:     for (int i = 1; i <= SIZE; ++i) {
                    16:=>           printf("\narrX[%d] = %d", i, *arrX[i]);
                    17:             free(arrX);
    LEAK 1 : 1 block left allocated on heap with a total size of 1 byte
            main()
                     6: int main() {
                     8:     int *arrX[SIZE];
                    10:     for (int i = 0; i < SIZE; ++i) {
                    11:=>           arrX[i] = calloc(1, sizeof(int));
                    12:             *arrX[i] = (i*5);
    WARNING 1 (MRC): missing null-pointer check after malloc: calloc(1,4) at:
            main()
                     6: int main() {
                     8:     int *arrX[SIZE];
                    10:     for (int i = 0; i < SIZE; ++i) {
                    11:=>           arrX[i] = calloc(1, sizeof(int));
                    12:             *arrX[i] = (i*5);
    PREVISE SUMMARY for someapp: 1 error(s), 1 warning(s), 1 leak(s) in total

In addition to displaying plain text output on stdout, codean tool also saves the results in a HTML file in the same directory the executable resides.

    % ls someapp*html
    someapp.static.html
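A corrected version of someapp.c, as an added example that is not part of the original post: it fixes the defects behind the ABR, LEAK and MRC reports shown above. The fill_values helper and its out parameter are assumptions introduced here so the result can be returned and checked.

```c
#include <stdio.h>
#include <stdlib.h>

#define SIZE 3

/* Hypothetical helper (not in the original post): allocates SIZE ints as
 * someapp.c does, copies their values into out[], and releases every block.
 * Returns 0 on success, -1 if an allocation fails. */
int fill_values(int out[SIZE])
{
    int *arrX[SIZE] = { NULL };

    for (int i = 0; i < SIZE; ++i) {
        arrX[i] = calloc(1, sizeof(int));
        if (arrX[i] == NULL) {          /* MRC: check calloc's result */
            for (int j = 0; j < i; ++j)
                free(arrX[j]);          /* no leak on the error path */
            return -1;
        }
        *arrX[i] = i * 5;
    }

    for (int i = 0; i < SIZE; ++i) {    /* ABR: valid indexes are 0..SIZE-1 */
        out[i] = *arrX[i];
        free(arrX[i]);                  /* LEAK: free each heap block, not
                                           the stack array arrX itself */
        arrX[i] = NULL;
    }
    return 0;
}

int main(void)
{
    int values[SIZE];

    if (fill_values(values) != 0) {
        fprintf(stderr, "allocation failed\n");
        return 1;
    }
    for (int i = 0; i < SIZE; ++i)
        printf("arrX[%d] = %d\n", i, values[i]);
    return 0;
}
```

The original loop called free(arrX), which passes the address of an automatic array to free() and is undefined behavior; freeing arrX[i] releases the block that calloc returned.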
Few things to be aware of:
Reference & Recommended Reading:
Oracle Solaris Studio 12.4 Code Analyzer User's Guide