eclipse con 2015: codan - a c/c++ code analysis framework for cdt
TRANSCRIPT
Codan - a Code Analysis Framework
for CDT
Elena Laskavaia
2015 If (getuid()!=0 && geteuid==0) {
ErrorF(“only root”);
exit(1);
}
Why Static Analysis?
Defect Detection
Potential Problems
Code Style
Security Violations
Defect Detection
Unused Code
Code Patterns
Metrics Violations
Reverse Engineering
Model Visualization
Cross-Reference
Metrics
Forward Engineering
Refactoring
Context-Assist
Code Generation
Analysis of source code without running the program
Cost of fixing one bug
Stage Bug Life Cost
As you type 1 s 1 cent
Developer build 10 sec 10 cent
Developer testing 10 min $3
SCM check in 4 h $10
Integration build 1 d $40
Integration testing 10 days $200
In the field 30 days $1000+
In outer space 3 years $100 million*
1
10
100
1000
10000
Dev Unit QA User Live
Cost
Defect
DetectionEclipse-CDT
Codan
Codan
UX: Klocwork C/C++
UX: PMD Java
UX: Find Bugs Java
UX: UCDetector Java
Basic Architecture
Checkers
Code
Models
Problem
MarkersTriggers
Marker
Presentation
Quick Fixes
Preferences(Configuration)
Preference
Editor
Codan Problem Markers
• Codan problem markers – categories, editor annotations
• Quick Fix• Problem Details view
• Menu: Customize Problem...
• Menu: Show in -> Problem Details
Preference Editor
• Enablement
• Severity
• Message
• Parameters
• Scope
• Launching Triggers
Launch Triggers
Run on demand from context menuRun as you type
Run with Build
Writing a Good Checker
Framework worth nothing without checkers
Framework is bad if checkers are bad
What does it take to write a good checker?
Good Defect Detection Tool
• Be part of the processIntegrated
• Ignore defects, change severity, parameterizeCustomizable
• Fix the code - if canAuto-correcting
• Bad description damages tool reputationSelf-explaining
• No code modifications: exceptions, historyHide false positives
• Reconfigure itself based on defect density Adaptable
• Not: laggy, annoying, noisy, wrong Not burden
Checker Design Cycle
• Unit tests
• “Field” test
• Profiling
• Customization
• Properties
• Checker
• Quick Fix
• Error Parsers
• Problem Details
• Idea
• Presentation
• Code Model
• Good fit?
Design Develop
TestTune
Design
Define GoalBrainstorm
PresentationPick Code
ModelSketch
Is selected framework the best choice?
Problem Marker is a problem
Problem Marker – you blame developer
Defensive reaction – blame the tool
Too much red marks – turn it off
Too many f.p. – don't trust anymore
Unclear description – tool is wrong
Alternative UX
Tree
TreeMap
Charts
Unit TestCode
Formatter
Quick Fix
Search
Call Graph Description
Code Models
AST
Preprocessor
Comments
Tokens
Bindings
Control Flow Graph
Data Flow Graph*
Text
File Structure
C-Model
(Containment)
C-Index
(Cross Reference)
Code Models Visualized
dummy() {
return;
}
void some1();
void some() {
return some1();
}
int retindead() {
return 5;;
}
int infloop() {
while(1) { … }
}
void f() {
[](int r){return r;}(5);
}
int test() {
class A {
void m() { return; };
}
}
auto f() -> void
{
}
f.p. -
nobody cares
f.p. - void
expression
f.p. - missing
auto evaluation
f.p. - enclosed
functionsf.p. - lambda
f.p. - dead code
or unreachable
Return Mismatch CheckerHistory in bug reports…
• Return type of function does not match type of return expression
• Or return is missing for non-void function
Return Checker Uses Models
AST
Preprocessor
Comments
Tokens
Bindings
Control Flow Graph
Data Flow Graph*
Text
File Structure
C-Model
(Containment)
C-Index
(Cross Reference)
Internal Checker
Checker
Code
Models
Problem
MarkersTriggers
Marker
Presentation
Quick Fix
Preferences(Configuration)
Preference
Editor
Problem
Extension Point
<extension
point="org.eclipse.cdt.codan.core.checkers">
</checker>
<checker
class="org.eclipse.cdt.codan.internal.checkers.StatementHasNoEffectChecker"
id="org.eclipse.cdt.codan.internal.checkers.StatementHasNoEffectChecker"
name="StatementHasNoEffectChecker">
<problem
category="org.eclipse.cdt.codan.core.categories.ProgrammingProblems"
defaultSeverity="Warning"
id="org.eclipse.cdt.codan.internal.checkers.StatementHasNoEffectProblem"
name="Statement has no effect">
messagePattern="Statement has no effect ''{0}''"
/>
</checker>
</extension>
Extension: checkers
Problem A
Checker
Problem B…
ID
Enablement
Severity
Description
Checker Class
public class StatementHasNoEffectChecker extends AbstractIndexAstChecker {
private static final String ER_ID = "org.eclipse.cdt.codan.internal.checkers.StatementHasNoEffectProblem";
public void processAst(IASTTranslationUnit ast) {
ast.accept(new CheckStmpVisitor());
}
class CheckStmpVisitor extends ASTVisitor {
CheckStmpVisitor() {
shouldVisitStatements = true;
}
public int visit(IASTStatement stmt) {
if (stmt instanceof IASTExpressionStatement) {
if (hasNoEffect(((IASTExpressionStatement) stmt).getExpression())) {
reportProblem(ER_ID, stmt);
}
return PROCESS_SKIP;
}
return PROCESS_CONTINUE;
}…
See full code of this checker in codan subtree of project:
org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/StatementHasNoEffectChecker.java
External Tool Integration
• Triggers (choose one)
– Integrate into build system and parse output
– Invoke from checker and parse output
• Severity Mapping
• Problem Preference editor (or not)
• Extra details (hyperlinks)
• Tool configuration (preference page)
External Tool Invoke
CheckerProblem
MarkersTriggers
Error
Parser
Tool
Problem
Details
Problem
Quick Fix
External Tool Built-in
Problem
Markers
Preferences(Configuration)
Preference
Editor
BuildError
Parser
Build
Magic
Listener Tool
Configuration
Problem
Problem
Details
External Invoke Code
public void processUnit(ITranslationUnit unit) {
IScannerInfo scannerInfo = unit.getScannerInfo(true);
List<String> res = getCompilerOptionsList(scannerInfo); // -I.. –D…
res.add("-c");res.add("-o/dev/null");res.add("-O2");res.add("-Wall");// default flags
res.add(unit.getFile().getLocation().toPortableString());// file path
String args[] = res.toArray(new String[res.size()]);
try {
externalToolInvoker.launchOnBuildConsole(
unit.getResource().getProject(),
new IConsoleParser[] { getConsoleParser(unit) }, // parser converts patterns to markers
"check",
getToolPath(), args, new String[] {}, getWorkingDirectory(), // command line
new NullProgressMonitor());
} catch (CoreException | InvocationFailure e) {
Activator.log(e);
}
}
APIs
CDT
CodanBase Checkers
Base Quick Fix
Problem Details
Control Flow Graph
Error Parser Utils
Launch Utils
CDT
C-ASTComments
Includes
Marcos
Tokens
AST
Bindings
CDT
CoreC-Element
Containment
Cross References
Error Parsers
Scanner Discovery
AST-Rewrite
Eclipse
Platform
Property Change Listeners
Problem Markers
Editor Annotations
Resources
Test
Run Static Analysis
• On checker’s code!
Write Junits
• True Positives
• True Negatives
• Error recovery
• Use Code Coverage
Field Testing
• Large Code Base
• C++ not only C
• Inspect for f.p.
Junit Test and Coverage
// main() {
// int a,b;
//
// b+a; // error here
// }
public void testBinaryExpression() {
checkSampleAbove();
}
// main() {
// int a,b;
//
// a=b+a; // no error here
// }
public void testNormalAssignment() {
checkSampleAbove();
}
Tune
Profile
• Performance
• Memory
• Stats
Customize
• Variations
• Split Problems
• Exception Parameters
• Adaptation
• F.P. Reduction
Properties
• Severity
• Enablement
• Category
• Description
• Launch Triggers
Adding problem parameters
public void initPreferences(IProblemWorkingCopy problem) {
super.initPreferences(problem);
if (problem.getId().equals(RET_NO_VALUE_ID)) {
addPreference(problem, PARAM_IMPLICIT,
“Also check functions with implicit return value”,
Boolean.FALSE);
}
}
Creative Use
Quick Fix Only
• Error pattern to trigger quick fix from compiler errors
Problem Details Only
• Hyperlink to generic search
Compile as you type
• As computers getting faster… c++ compilers too!
Tool chain warning configuration
• Modify build configuration as user changes error profile
Editor Markup
• Use highlighting annotations instead of regular once
Headless
• Reuse checkers to run headless
Questions??
+1 0 -1
Sign in: www.eclipsecon.org
Evaluate the sessions