First things first -- Oracle Solaris Studio 12.4 is now generally available. One of the key features of this release is the support for the latest industry standards including C++11, C11 and OpenMP 4.0. Check the Solaris Studio 12.4 Data Sheet before downloading the software from Oracle Technology Network.
Static Code Analysis
The Code Analyzer tool in the Oracle Solaris Studio compiler suite can analyze static data, dynamic memory access data, and code coverage data collected from binaries that were compiled with the C/C++ compilers in Solaris Studio 12.3 or later. Code Analyzer is supported on Solaris and Oracle Enterprise Linux.
The primary focus of this blog entry is static code analysis.
Static code analysis is the process of detecting common programming errors in code during compilation. The static code checking component in Code Analyzer looks for potential errors such as accesses outside the bounds of an array, out-of-scope variable use, NULL pointer dereferences, infinite loops, uninitialized variables, memory leaks and double frees. The following webpage in the Solaris Studio 12.4: Code Analyzer User's Guide has the complete list of errors with examples.
Static Code Issues analyzed by Code Analyzer
High-level steps in using Code Analyzer for Static Code analysis
Given the enhancements and incremental improvements in analysis tools, Solaris Studio 12.4 is recommended for this exercise.
- Collect static data
  Compile [all source] and link with the -xprevise=yes option.
  - when using Solaris Studio 12.3 compilers, compile with the -xanalyze=code option.
  - Linux users: specify the -xannotate option on the compile/link line in addition to -xprevise=yes|-xanalyze=code.
  During compilation, the C/C++ compiler extracts static errors automatically, and writes the error information to a sub-directory in the <binary-name>.analyze directory.
- Analyze the static data
  Two options are available to analyze and display the errors in a report format.
  - 1) Code Analyzer GUI
  - 2) codean command-line tool. Options
Example
The following example demonstrates the above steps using the Solaris Studio 12.4 C compiler and the codean command-line tool.
    % cat someapp.c
    #include <stdio.h>
    #include <stdlib.h>

    #define SIZE 3

    int main() {

            int *arrX[SIZE];

            for (int i = 0; i < SIZE; ++i) {
                    arrX[i] = calloc(1, sizeof(int));
                    *arrX[i] = (i*5);
            }

            for (int i = 1; i <= SIZE; ++i) {
                    printf("\narrX[%d] = %d", i, *arrX[i]);
                    free(arrX);
            }

            return 0;
    }

    % cc -V
    cc: Sun C 5.12 SunOS_sparc Patch 148917-08 2014/09/10

    % cc -g -o someapp -xprevise=yes someapp.c

    % codean -s someapp
    STATIC report of someapp:
    ERROR 1 (ABR): reading memory beyond array bounds: arrX[i] at:
            main()
                    12:                 *arrX[i] = (i*5);
                    13:         }
                    15:         for (int i = 1; i <= SIZE; ++i) {
                    16:=>               printf("\narrX[%d] = %d", i, *arrX[i]);
                    17:                 free(arrX);
    LEAK 1 : 1 block left allocated on heap with a total size of 1 byte
            main()
                    6: int main() {
                    8:         int *arrX[SIZE];
                    10:         for (int i = 0; i < SIZE; ++i) {
                    11:=>               arrX[i] = calloc(1, sizeof(int));
                    12:                 *arrX[i] = (i*5);
    WARNING 1 (MRC): missing null-pointer check after malloc: calloc(1,4) at:
            main()
                    6: int main() {
                    8:         int *arrX[SIZE];
                    10:         for (int i = 0; i < SIZE; ++i) {
                    11:=>               arrX[i] = calloc(1, sizeof(int));
                    12:                 *arrX[i] = (i*5);
    PREVISE SUMMARY for someapp: 1 error(s), 1 warning(s), 1 leak(s) in total

In addition to displaying plain text output on stdout, the codean tool also saves the results in an HTML file in the same directory where the executable resides.

    % ls someapp*html
    someapp.static.html
A few things to be aware of:
- compilers may not be able to detect all of the static errors in target code especially if the errors are complex.
- some errors depend on data that is available only at runtime -- perform dynamic analysis as well.
- some errors are ambiguous, and also might not be actual errors -- expect a few false positives.
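A corrected someapp.c, added here as an example (it is not part of the original post): it addresses the ABR, MRC and LEAK findings in the report above, and also replaces free(arrX), which passes a stack array to free() and does not appear among the reported findings. The alloc_fn hook and the fail_second allocator are assumptions of this example, used only to exercise the allocation-failure path.

```c
#include <stdio.h>
#include <stdlib.h>

#define SIZE 3

/* Allocator hook (an assumption of this example) so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t, size_t);

/* Test allocator: fails on every second call, otherwise defers to calloc. */
void *fail_second(size_t n, size_t sz) {
    static int calls = 0;
    return (calls++ % 2 == 1) ? NULL : calloc(n, sz);
}

/* Returns the sum of the stored values, or -1 if an allocation failed. */
int run_fixed(alloc_fn alloc) {
    int *arrX[SIZE] = { NULL };         /* every slot starts as NULL */
    int sum = 0, rc = 0;

    for (int i = 0; i < SIZE; ++i) {
        arrX[i] = alloc(1, sizeof(int));
        if (arrX[i] == NULL) {          /* MRC: check before dereferencing */
            rc = -1;
            break;
        }
        *arrX[i] = i * 5;
    }

    for (int i = 0; i < SIZE; ++i) {    /* ABR: indexes 0..SIZE-1, not 1..SIZE */
        if (rc == 0) {
            printf("arrX[%d] = %d\n", i, *arrX[i]);
            sum += *arrX[i];
        }
        free(arrX[i]);                  /* LEAK: free each block, not the array;
                                           free(NULL) is a no-op */
        arrX[i] = NULL;                 /* no dangling pointer, no double free */
    }
    return rc == 0 ? sum : rc;
}

int main(void) {
    int ok = run_fixed(calloc);         /* values 0, 5 and 10 */
    int failed = run_fixed(fail_second);
    printf("ok=%d failed=%d\n", ok, failed);
    return (ok == 15 && failed == -1) ? 0 : 1;
}
```

Recompiling this version with -xprevise=yes and rerunning codean -s is the way to confirm the three findings are gone; the free(arrX) fix still needs review or dynamic analysis to verify.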
Reference & Recommended Reading:
Oracle Solaris Studio 12.4 Code Analyzer User's Guide