HP-UX Web Development Tools manual: Advanced static code analysis

1.2.1 Advanced static code analysis

Cadvise is a powerful static code analysis tool that automatically diagnoses various issues in a source program. It improves developer productivity by finding defects at code development time, and leads to more robust and secure software because of fewer escaped defects.

Cadvise leverages advanced cross-file analysis technology from HP compilers. It stores the diagnosed information in a program database. With the built-in knowledge of system APIs, cadvise looks deep into the code and provides helpful warnings with fewer false positives.

1.2.2 Defect detection

Cadvise detects a wide range of coding errors and potential problems such as memory leaks, use after free, double free, array/buffer out-of-bounds access, illegal pointer access, uninitialized variables, unused variables, format string misuse, suspicious conversions and casts, out-of-range operations, C++ coding style issues, and so on.

1.2.3 Security vulnerability checks

Security flaws are not only very costly to fix; they can also lead to a bad reputation and potential loss of customers. Cadvise detects security vulnerabilities in the source code such as buffer overflows, use of unsafe APIs, use of unsafe file paths, unsafe data length arguments, unsafe loop exit conditions, unsafe use of tainted data, and so on.
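As an added illustration (not code from the HP manual), the following C fragment shows one defect from the "unsafe data length argument" / "unsafe use of tainted data" family described above, beside its hardened form; the struct, function names and sample messages are constructed for this example.

```c
/* Added example (not from the HP manual): a tainted length used as a copy
 * size, the pattern that static checkers such as cadvise flag, beside its
 * hardened form. Names and the sample messages are constructed. */
#include <stdint.h>
#include <string.h>

#define NAME_MAX 16

struct record {
    char name[NAME_MAX];
    uint32_t id;        /* sits right after 'name': first thing an overflow clobbers */
};

/* Constructed messages: first byte is a length, the rest is the name. */
static const unsigned char SAMPLE_OK[]        = { 5, 'h', 'e', 'l', 'l', 'o' };
static const unsigned char SAMPLE_TOO_LONG[]  = { 200, 'x', 'x', 'x' };   /* length lies */
static const unsigned char SAMPLE_TRUNCATED[] = { 5, 'h', 'e' };          /* shorter than claimed */

/* VULNERABLE (the pattern the checker reports): 'len' comes from the
 * untrusted message and is used as the copy size without being compared to
 * the fixed destination or to the bytes actually received. Not called below. */
int parse_record_unsafe(struct record *out, const unsigned char *msg, size_t msg_len)
{
    size_t len;
    if (msg_len < 1)
        return -1;
    len = msg[0];                      /* tainted */
    memcpy(out->name, msg + 1, len);   /* writes past 'name' when len >= NAME_MAX */
    out->name[len] = '\0';
    return 0;
}

/* HARDENED: bound the tainted length by the destination size (leaving room
 * for the terminator) and by the source size before it reaches memcpy. */
int parse_record_safe(struct record *out, const unsigned char *msg, size_t msg_len)
{
    size_t len;
    if (msg_len < 1)
        return -1;
    len = msg[0];
    if (len > NAME_MAX - 1)            /* would overflow 'name' */
        return -1;
    if (len > msg_len - 1)             /* claims more bytes than were received */
        return -1;
    memcpy(out->name, msg + 1, len);
    out->name[len] = '\0';
    out->id = 0;
    return 0;
}
```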

1.2.4 Porting and migration

Cadvise also helps you identify potential problems in converting applications from 32-bit to 64-bit. This porting help is available in 32-bit mode as well, which lets you evaluate the porting effort before the actual porting begins.

While porting from Linux or Windows to HP-UX you might encounter problems converting from little-endian to big-endian. Cadvise identifies instances where different endianness might produce different results. These instances are very difficult to find manually.
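As an added example (not code from the HP manual), the C fragment below shows the kind of endian-dependent read that silently changes meaning when code written on a little-endian host is moved to big-endian HP-UX, beside a portable rewrite; the buffer, function names and sample bytes are constructed.

```c
/* Added example (not from the HP manual): an endian-dependent read beside a
 * portable one. The 4-byte wire value and the function names are constructed. */
#include <stdint.h>
#include <string.h>

/* Constructed 4-byte message: a 32-bit length field, big-endian on the wire. */
static const unsigned char WIRE_LEN[4] = { 0x00, 0x00, 0x01, 0x02 };

/* 1 on little-endian hosts (typical Linux/Windows), 0 on big-endian ones. */
int host_is_little_endian(void)
{
    uint32_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* ENDIAN-DEPENDENT: overlaying the host's uint32_t on the byte buffer yields
 * 0x00000102 on a big-endian host but 0x02010000 on a little-endian one.
 * memcpy avoids the strict-aliasing problem; the endian dependence remains. */
uint32_t read_len_overlay(const unsigned char *buf)
{
    uint32_t v;
    memcpy(&v, buf, sizeof v);
    return v;
}

/* PORTABLE: assemble the value byte by byte in the wire's (big-endian) order,
 * so the result is 0x00000102 on every host. */
uint32_t read_len_portable(const unsigned char *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
         | ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* 1 if the overlay read would give a different answer than the portable read
 * on the host this is running on, i.e. the bug is live here. */
int overlay_differs_here(void)
{
    return read_len_overlay(WIRE_LEN) != read_len_portable(WIRE_LEN);
}
```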

Further, migrating your applications from PA-RISC to HP Integrity systems is much easier with the help of cadvise, which helps you identify the differences between the two compilers and begin porting the code to HP Integrity systems without leaving the familiar PA-RISC environment.

1.2.5 Detection of pre-defined or user-defined coding guideline violation

Cadvise has a built-in coding guidelines checker which diagnoses violations of the coding guidelines and emits appropriate diagnostic messages. You can modify the default set of rules or write your own set of rules to enforce coding guidelines. Cadvise ships the appropriate API header files and a set of sample files, along with the corresponding Makefile, to rebuild the rules library.

1.2.6 Easy to integrate and use

Cadvise is available for HP-UX developers on both HP Integrity and PA-RISC systems as part of the C and C++ compiler bundles or as a direct download. The default installation location is /opt/cadvise. Cadvise can be seamlessly integrated with the build process and makefiles. The reporting tool, cadvise report, helps you filter out the important warnings without getting lost in tons of trivial ones.

For example, to use cadvise for a single file, you can simply use the following command:

$ cadvise cc -c hello.c

You can also specify the program database and other options at the command line, as in the following example:
