| Mandalika's scratchpad | [ Work blog @Oracle | My Music Compositions ] | 
Old Posts: 09.04 10.04 11.04 12.04 01.05 02.05 03.05 04.05 05.05 06.05 07.05 08.05 09.05 10.05 11.05 12.05 01.06 02.06 03.06 04.06 05.06 06.06 07.06 08.06 09.06 10.06 11.06 12.06 01.07 02.07 03.07 04.07 05.07 06.07 08.07 09.07 10.07 11.07 12.07 01.08 02.08 03.08 04.08 05.08 06.08 07.08 08.08 09.08 10.08 11.08 12.08 01.09 02.09 03.09 04.09 05.09 06.09 07.09 08.09 09.09 10.09 11.09 12.09 01.10 02.10 03.10 04.10 05.10 06.10 07.10 08.10 09.10 10.10 11.10 12.10 01.11 02.11 03.11 04.11 05.11 07.11 08.11 09.11 10.11 11.11 12.11 01.12 02.12 03.12 04.12 05.12 06.12 07.12 08.12 09.12 10.12 11.12 12.12 01.13 02.13 03.13 04.13 05.13 06.13 07.13 08.13 09.13 10.13 11.13 12.13 01.14 02.14 03.14 04.14 05.14 06.14 07.14 09.14 10.14 11.14 12.14 01.15 02.15 03.15 04.15 06.15 09.15 12.15 01.16 03.16 04.16 05.16 06.16 07.16 08.16 09.16 12.16 01.17 02.17 03.17 04.17 06.17 07.17 08.17 09.17 10.17 12.17 01.18 02.18 03.18 04.18 05.18 06.18 07.18 08.18 09.18 11.18 12.18 01.19 02.19 05.19 06.19 08.19 10.19 11.19 05.20 10.20 11.20 12.20 09.21 11.21 12.22
First things first -- Oracle Solaris Studio 12.4 is now generally available. One of the key features of this release is the support for the latest industry standards including C++11, C11 and OpenMP 4.0. Check the Solaris Studio 12.4 Data Sheet before downloading the software from Oracle Technology Network.
Static Code Analysis
Code Analyzer tool in Oracle Solaris Studio compiler suite can analyze static data, dynamic memory access data, and code coverage data collected from binaries that were compiled with the C/C++ compilers in Solaris Studio 12.3 or later. Code Analyzer is supported on Solaris and Oracle Enterprise Linux.
Primary focus of this blog entry is the static code analysis.
Static code analysis is the process of detecting common programming errors in code during compilation. The static code checking component in Code Analyzer looks for potential errors such as accessing outside the bounds of the array, out of scope variable use, NULL pointer deferences, infinite loops, uninitialized variables, memory leaks and double frees. The following webpage in Solaris Studio 12.4: Code Analyzer User's Guide has the complete list of errors with examples.
Static Code Issues analyzed by Code Analyzer
High-level steps in using Code Analyzer for Static Code analysis
Given the enhancements and incremental improvements in analysis tools, Solaris Studio 12.4 is recommended for this exercise.
Collect static data
Compile [all source] and link with –xprevise=yes option.
-xanalyze=code option.
–xannotate option on compile/link line in addition to -xprevise=yes|-xanalyze=code.
During compilation, the C/C++ compiler extracts static errors automatically, and writes the error information to the sub-directory in <binary-name>.analyze directory.
Analyze the static data
Two options available to analyze and display the errors in a report format.
codean command-line tool. Options
 Example
The following example demonstrates the above steps using Solaris Studio 12.4 C compiler and codean command-line tool.
% cat someapp.c
#include <stdio.h>
#include <stdlib.h>
#define SIZE 3
int main() {
        int *arrX[SIZE];
        for (int i = 0; i < SIZE; ++i) {
                arrX[i] = calloc(1, sizeof(int));
                *arrX[i] = (i*5);
        }
        for (int i = 1; i <= SIZE; ++i) {
                printf("\narrX[%d] = %d", i, *arrX[i]);
                free(arrX);
        }
        return 0;
}
% cc -V
cc: Sun C 5.12 SunOS_sparc Patch 148917-08 2014/09/10
% cc -g -o someapp -xprevise=yes someapp.c
% codean -s someapp
STATIC report of someapp:
ERROR 1 (ABR): reading memory beyond array bounds: arrX[i] at:
        main()  
                12:                     *arrX[i] = (i*5);
                13:             }
                15:             for (int i = 1; i <= SIZE; ++i) {
                16:=>                   printf("\narrX[%d] = %d", i, *arrX[i]);
                17:                     free(arrX);
LEAK 1 : 1 block left allocated on heap with a total size of 1 byte
        main()  
                6:      int main() {
                8:              int *arrX[SIZE];
                10:             for (int i = 0; i < SIZE; ++i) {
                11:=>                   arrX[i] = calloc(1, sizeof(int));
                12:                     *arrX[i] = (i*5);
WARNING 1 (MRC): missing null-pointer check after malloc: calloc(1,4) at:
        main()  
                6:      int main() {
                8:              int *arrX[SIZE];
                10:             for (int i = 0; i < SIZE; ++i) {
                11:=>                   arrX[i] = calloc(1, sizeof(int));
                12:                     *arrX[i] = (i*5);
PREVISE SUMMARY for someapp: 1 error(s), 1 warning(s), 1 leak(s) in total
In addition to displaying plain text output on stdout, codean tool also saves the results in a HTML file in the same directory the executable resides.
% ls someapp*html
someapp.static.html
   
Few things to be aware of:
Reference & Recommended Reading:
    Oracle Solaris Studio 12.4 Code Analyzer User's Guide
Labels: Oracle Solaris Studio C C++ Static Code Analysis Tool
| 2004-2019 |