HP UX Web Development Tools manual Categories of diagnostics with examples

8 Categories of diagnostics with examples

Cadvise detects a wide range of coding errors and potential problems, such as memory leaks, use after free, double free, array/buffer out-of-bounds access, illegal pointer access, uninitialized variables, unused variables, format string checks, suspicious conversions and casts, out-of-range operations, and C++ coding style warnings.

8.1 Categories of diagnostics table

The following are some examples of the various checks performed by HP Code Advisor:

| Option | Description |
|---|---|
| +w | Enables all the warnings about potentially questionable constructs in the compiler. |
| +wall | Enables all the compile time checks. |
| +wlint (page 45) | Provides compile-time diagnostics which detect potential errors in the source code. |
| +w64bit (page 51) | Enables warnings that help detection of potential problems in converting 32-bit applications to 64-bit. |
| +wendian (page 51) | Detects code fragments which are endian dependent. |
| +wsecurity[=1234] (page 52) | Enables compile time diagnostic messages for potential security vulnerabilities. |
| +wlock (page 53) | Detects multi-threaded programming issues. |
| +wperfadvice[=1234] (page 54) | Generates performance advisory diagnostics. |

+w

This option enables all the warnings about potentially questionable constructs in the compiler. This includes the +wlint and +w64bit warnings and many others. The number of warnings generated by this option may be up to 5-10 times more than those generated by +wlint.

Following are some examples of warnings enabled by the +w option:

-Variable is declared but never referenced

-Comparison of unsigned integer with signed integer

-Padding size of structure to alignment boundary

-Argument is incompatible with corresponding format string conversion
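
The constructs behind two of the warnings listed above (signed/unsigned comparison and structure padding), shown as an added example that is not taken from the HP Code Advisor guide. The function and struct names are hypothetical, and the padding figures assume a typical ABI where int is aligned more strictly than char.

```c
#include <stddef.h>
#include <stdio.h>

/* "Comparison of unsigned integer with signed integer":
 * space_left is converted to unsigned int before the comparison, so a
 * negative value (for example the result of an earlier subtraction that
 * went below zero) becomes a very large one and the check passes. */
int fits_flawed(int space_left, unsigned int rec_len)
{
    return space_left >= rec_len;
}

/* Corrected form: reject negative values first, then compare like types. */
int fits_checked(int space_left, unsigned int rec_len)
{
    return space_left >= 0 && (unsigned int)space_left >= rec_len;
}

/* "Padding size of structure to alignment boundary":
 * member order decides how many padding bytes the compiler inserts.
 * Padding bytes are not set by member assignment, so a struct copied
 * out byte-for-byte can carry stale memory contents with it. */
struct loose { char tag; int value; char flag; };
struct tight { int value; char tag; char flag; };

/* Padding bytes in each layout: total size minus one int and two chars. */
size_t padding_loose(void) { return sizeof(struct loose) - (sizeof(int) + 2); }
size_t padding_tight(void) { return sizeof(struct tight) - (sizeof(int) + 2); }

int main(void)
{
    /* Constructed inputs: 8-byte record, -4 bytes "left" after an overrun. */
    printf("flawed check accepts : %d\n", fits_flawed(-4, 8u));
    printf("checked form accepts : %d\n", fits_checked(-4, 8u));
    printf("padding bytes        : loose=%zu tight=%zu\n",
           padding_loose(), padding_tight());
    return 0;
}
```
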

+wall

The +wall option enables all the compile time checks. It includes security checks and requires cross-module analysis. Hence, you must specify the location of the program database using the -pdb option whenever you use +wall.

8.2 Detecting generic programming errors

The compile time diagnostic messages generated by the +wlint option can be very useful in detecting potential problems in the source code. The number of warnings generated by this option may be up to 5-10 times more than those generated by default by the compiler. For example, the following warnings are enabled by this option:

-Argument is incompatible with formal parameter

-Function declared implicitly

-Function is re-declared after being called
