[antlr-interest] code analysis tool

mzukowski at yci.com mzukowski at yci.com
Thu Oct 16 11:55:33 PDT 2003


As the author of GNUCTreeParser and friends I'd love to see a little
application like this out there.  Are you planning to open source it?  

FYI the gcc toolkit was originally written for Cisco to allow them to do
custom analyses like this.

Tree parsers match syntax and can only wildcard within limitations of the
grammar.  Semantics will require actions.  The best thing will probably be
to try some out.  

For instance, syntactically malloc() is just another function call.  Within
the function call rule you'll need to inspect the text to see if it is a
malloc() and go from there.

There are also findAll() and findAllPartial() methods and such which will
match trees against trees and this might help finding things like copied &
pasted code if you know what you are looking for.

After you do a few checks by hand you'll be in a much better position to
refactor and make adding new checks easy.

There are also existing tools that do this kind of stuff, of course, but
where's the fun in that?  ;)

Monty

-----Original Message-----
From: Brad [mailto:b.knotwell at f5.com] 
Sent: Thursday, October 16, 2003 10:42 AM
To: antlr-interest at yahoogroups.com
Subject: [antlr-interest] code analysis tool

Hello all--

Disclaimer:  I'm new to antlr and, though I've done some research, not
exactly familiar with methodologies for solving the problem I'd like to
solve.

Problem:  I'd like to create a tool that can be used to search for
common C coding errors (e.g. unchecked mallocs or fopens, memory leaks
under error conditions, malloc(strlen(myString + 1)) etc).  Furthermore,
I'm much more concerned about easily adding new checks than I am about
efficiency.

My current high-level strategy (again, this is the first time I've
thought about this so I might be way off).

  1) use one of antlr's C tree parsers (specifically, GNUCTreeParser) to
create an abstract syntax tree.
  2) have each check traverse the tree to find and display instances of
its issue.

A coupla small questions:

  1) does this sound like a reasonable approach (AKA do I understand the
utility of tree parsers)?
  2) how difficult would you rate a project like this?
  3) how would you structure things to make adding new checks simple?

If these are inappropriate for this forum, lemme know.

Thanks.

-- 
Brad <b.knotwell at f5.com>
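
The approach discussed in this thread (walk the tree, inspect the callee text inside the call node, keep each check separate) can be sketched as follows. This is an added example, not code from either poster and not GNUCTreeParser's API: the Node class, the node kind names, the check registry and the sample tree are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
@dataclass
class Node:                      # hypothetical AST node, not ANTLR's AST class
    kind: str                    # "block", "assign", "call", "id", "binop", "if", ...
    text: str = ""
    kids: list = field(default_factory=list)

CHECKS = []                      # adding a check = writing one decorated generator
def check(fn):
    CHECKS.append(fn)
    return fn

def walk(node):
    yield node
    for kid in node.kids:
        yield from walk(kid)

def is_call(node, name):
    # Syntactically every call looks alike; only the callee text singles out malloc.
    return node.kind == "call" and bool(node.kids) and node.kids[0].text == name

@check
def strlen_plus_inside(root):    # malloc(strlen(s + 1)) instead of strlen(s) + 1
    for n in walk(root):
        if is_call(n, "malloc") and len(n.kids) == 2 and is_call(n.kids[1], "strlen"):
            if any(a.kind == "binop" and a.text == "+" for a in n.kids[1].kids[1:]):
                yield "'+' is inside strlen(), so the buffer is too small"

@check
def unchecked_malloc(root):      # heuristic: no later `if` in the block tests the variable
    for blk in (n for n in walk(root) if n.kind == "block"):
        for i, st in enumerate(blk.kids):
            if st.kind == "assign" and is_call(st.kids[1], "malloc"):
                var = st.kids[0].text
                if not any(s.kind == "if" and any(c.kind == "id" and c.text == var
                           for c in walk(s.kids[0])) for s in blk.kids[i + 1:]):
                    yield f"malloc() result in '{var}' is never tested"

def run_checks(root):
    return [(fn.__name__, msg) for fn in CHECKS for msg in fn(root)]
def I(t): return Node("id", t)
def C(name, *args): return Node("call", "(", [I(name), *args])

# Constructed tree for: p = malloc(strlen(s + 1)); strcpy(p, s); q = malloc(n); if (!q) return;
SAMPLE = Node("block", "{", [
    Node("assign", "=", [I("p"), C("malloc", C("strlen", Node("binop", "+", [I("s"), Node("num", "1")])))]),
    C("strcpy", I("p"), I("s")),
    Node("assign", "=", [I("q"), C("malloc", I("n"))]),
    Node("if", "if", [Node("unop", "!", [I("q")]), Node("return", "return")]),
])
```

run_checks(SAMPLE) reports the misplaced "+ 1" and the untested p, and stays silent about q, which is tested by the following if.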


 
