HP UX Web Development Tools 1.2.2 Defect detection, 1.2.4 Porting and migration, 1.2.6 Easy to integrate and use, 1.2.1Advanced static code analysis, 1.2.3 Security vulnerability checks

•“Detection of pre-defined or user-defined coding guideline violation” (page 8)

•“Easy to integrate and use” (page 8)

Cadvise is a powerful static code analysis tool that automatically diagnoses various issues in a source program. It improves developer productivity by finding defects at code development time, and leads to more robust and secure software because of fewer escaped defects.

Cadvise leverages advanced cross-file analysis technology from HP compilers. It stores the diagnosed information in a program database. With the built-in knowledge of system APIs, cadvise looks deep into the code and provides helpful warnings with fewer false positives.

Cadvise detects a wide range of coding errors and potential problems such as memory leaks, used after free, double free, array/buffer out of bounds access, illegal pointer access, uninitialized variables, unused variables, format string checks, suspicious conversion and casts, out of range operations, C++ coding style warnings, and so on.

Security flaws are not only very costly to fix, they can lead to a bad reputation and potential loss of customers. Cadvise detects security vulnerabilities in the source code such as buffer overflows, use of unsafe APIs, use of unsafe file path, unsafe data length argument, unsafe loop exit condition, unsafe use of tainted data, and so on.

The cadvise also helps you to identify the potential problems in converting applications from 32-bit to 64-bit. The porting help is also available in 32-bit mode. This enables you to evaluate the porting effort before the actual porting begins.

While porting from Linux or Windows? to HP-UX you might encounter problems converting from little-endian to big-endian. cadvise identifies instances where different endianness might produce different results. These instances are very difficult to find manually.

Further, migrating your applications from PA-RISC to HP Integrity systems is much easier with the help of cadvise, which helps you identify the differences between the two compilers and begin porting the code to HP Integrity systems without leaving the familiar PA-RISC environment.

Cadvise has a built-in coding guidelines checker which diagnoses violations to the coding guidelines and emits appropriate diagnostic messages. You can modify the default set of rules or write your own set of rules to enforce coding guidelines. Cadvise has the appropriate API header files and a set of sample files along with the corresponding Makefile to rebuild the rules library.

Cadvise is available for HP-UX developers on both HP Integrity and PA-RISC systems as part of C and C++ compiler bundles or as a direct download. The default installation location is /opt/cadvise. Cadvise can be seamlessly integrated with the build process and makefiles. The reporting tool, cadvise report helps you to filter the important warnings without getting lost in tons of trivial warnings.

For example, to use cadvise for a single file, you can simply use the following command:

$ cadvise cc -c hello.c

You can also specify the program database and other options at the command line, as in the following example:

8Introduction