I am interested in static analysis tools that are out there. Or rather the API’s that are supported to allow me to write my own tools using these API’s.
I’ve written dozens over the years at my present employment that scrutinize our source code (C++) for various things. But one thing I want to know is if there are other static analysis API’s that are available. So
My question are
- What static analysis API’s do you use?
- Why do you use it?
- Name one thing you have written with it?
As for me, my answers are:
What:
I use an API for understand 4 c++.
Why:
I use it because:
- The C API for it is one header file (Very small)
- The C API requires almost no memory management
- I wrote a managed wrapper around it so I can use c# with it!
- The API is very small but powerful in finding various things.
One Tool:
Well, last week I wrote a tool to take a virtual function on a base class and then to change the accessibility on it and all virtual overrides on derived classes.
This would have taken me a week to do by hand. Using the tool which took me a very short time to write I was able to change almost a thousand files with one push of a button. Cool
Note:
I’ve also played around with the C++ code model that is available with Visual studio and have been successful in writing macros to target that.
Thanks, and I look forward to any answers you may have.
Our DMS Software Reengineering Toolkit is commercially available, general purpose machinery for parsing/analyzing/transforming source code for many languages, including C, C++, C#, Java, COBOL, …
It uses explicit langauge definitions (e.g., BNF) to drive parsing machinery to build ASTs directly; DMS supports multiple dialects for some languages. There are built in analyzers to support symbol table construction, control and data flow anlaysis, points-to analysis, symbolic range analysis …
For C, Java and COBOL, the built-in analysis machinery is tied to the language definitions so that you can use these analyzers as a foundation for a custom analysis you might want to build. C++ does have the symbol tables but isn’t yet tied to the other internal analyzers, but the machinery is there.
DMS also provides procedural and source-to-source transformations, conditioned by analysis results, on top of all of this; the modified ASTs can be prettyprinted to regenerate compilable source complete with the original comments.
Your three questions:
1.What static analysis API’s do you use?
2.Why do you use it?
Its amazing how many different questions people have about code,
and how many ways they want to reshape a large application.
3.Name one thing you have written with it?