Follow this blog by Email

Friday, 22 November 2013

Commands for various tools to do Static Code analysis of C C++ source

Static code analysis is a very important step that every software developer, organisation should carry out to check if the code has any subtle possible issues which could cause bugs in the code.
A static code analysis of code using various tools can detect many errors or warning in the code like uninitialized variables, dangerous variable type conversions signed to unsigned, language specification violations etc.

Here I am going to explain in detail, usage of multiple static analysis tools
which I use for detecting such possible issues in my C,C++ code. After I get the output errors and warnings from these static analysis tools, a thorough code review of the code is done and then I try to remove as much errors and warnings as possible considering there could be some 'false positive' issues reported by some of these tools at some places of code. But either ways it is good to have all diagnostics of the code done and available to you, to be able to take an informed decision about possible changes to the code.

My code development setup is such that the C C++ code I have needs to be able to compile on Windows-x86, Linux-x86, and Linux-ARMV7 platforms.
The code is written in a protable way with all architecture specific, os specific calls inside conditional statements such that it does not cause build issues on either of the platform mentioned above.

Below is the exact command-line options, settings used in each code analysis/compiler tool to get maximum information in form of errors and warnings about possible issues in code.
1] gcc 
I always compile my code using below gcc options in the make file:-
 -Wall -Wextra -Wuninitialized -pedantic
These options almost always detect many issues like variables used
before initializing them, all warnings , even some pedantic warnings about
non-adherence to code language standard.
Few sample warnings these options generated on my code:
   ../../../../../code/my1.cpp:218:54: warning: ‘pChannel’ may be used uninitialized in this function
   ./../../../../../IP/Lib/src/portablity.h:90:12: warning: unused parameter ‘numberOfElem’ [-Wunused-parameter]
2] clang
Clang is an opensource compiler frontend used with llvm
It has a very good code analysis tool to analyze source code.
To analyze a single source file the command is as below:
clang++ --analyze -I/home/ad/IP/Lib/src/  -Weverything -pedantic -fshow-column 
-fcaret-diagnostics -fcolor-diagnostics -ferror-limit=9999999 -fdiagnostics-show-category -std=c++98 file1.cpp

Sample warnings and errors clang static analyzer generated:
 /home/ad/IP/Lib/src/Pkt.h:60:6:error: ISO C++ forbids forward references to 'enum' types
 /home/ad/IP/Lib/src/Pkt.h:67:4:error: field has incomplete type 'Pkt_t

3] PRQA-C++
 This tool from PRQA research is a good tool which enforces MISRA C/C++ rules in its static code analysis process.
There is a evaluation version of this tool available for download and try.
You can add all source files into the project in this tool and run code analysis on them
It generates a compliance report on analyzing the source files and detect and report issues like Conversion to unsigned,
  Overflow and wraparound issues, Portability Problems and many others.

4] PCLint
 PCLint is a static analysis tool which has been around for a long time now.

 lint-nt-8p.exe -w4 -wlib(0) -e309 -e1904 +fce +fcp +cpp(cpp,cxx,cc) -i"C:\mycode\include" file1.cpp > file1cpp_lintoutput.txt

This will generate the lint code analysis report in the file file1cpp_lintoutput.txt

Sample output of the lint static code analysis:

 #define NUM_OF_ERROR_CODES 88
 ErrorCodes.h  45  Note 1923: macro 'NUM_OF_ERROR_CODES' could become const variable

  Msgs.h  352  Note 958: Padding of 7 byte(s) is required to align member
    on 8 byte boundary

5] Eclipse Codan Analysis
 Eclipse is a free tool. Download and install Eclipse CDT.
Create a workspace in ecliplse. Create new empty C/C++ project in it. Then add your source and header files to that project.
Eclipse has a inbuilt code analysis toot called CODAN.
Right-click Eclipse project-->Run C/C++ Code analysis. This shows all errors/warnings generated from this analysis.

6] Cppcheck 
This is a static C/C++ code analysis tool available of linux. On Ubuntu we can install it as
sudo apt-get install cppcheck

cppcheck --enable=all -I ./ -I /home/ad/IP/Lib/include/ -I /home/ad/src/include/  file1.cpp
If you want you can redirect the output of this static analysis to a text file for later analysis:

cppcheck --enable=all -I ./ -I /home/ad/IP/Lib/include/ -I /home/ad/src/include/  file1.cpp >file1cpp.txt 2>&1

Sample outcome of static code analysis using cppcheck:

[/home/ad/IP/Lib/src/hash.h:160]: (error) Uninitialized variable: data8  
[/home/ad/IP/Lib/src/Log.h:375]: (error) Null pointer dereference
[file1.cpp:5837]: (style) Variable 'pString' is assigned a value that is never used

7] Mac OS XCode static analysis
    I create a XCode C++ project for my code, on MacOSx or iOS.
Then use the XCode inbuild static Code analysis tool which is also pretty nifty and gives information about your source code.

8] Visual C++ 2008 / Visual Studio X All Warnings enabled
  In your Visual C++ solution, you have a project created. Once you add all source files to that project.
  Right click Project-->Properties-->C/C++-->General-->Warning level:
  Here selecting highest level of warning Level 4 /W4 option enables all warnings and diagnostic messages.
  Once you compile the code using VC++, the warnings are displayed in the Build output window of VC++.

 Static analyze your source and catch all potential bugs early before they get a chance to execute and become a pain to debug, as ounce of prevention is better than pounds of cure!