Custom Checkers
SDC Systems design and support custom checkers and taxonomies in order to find code defects that the standard Klocwork checkers don’t look for. These can be as simple as checking that there is no use of the goto statement in C code to complex checkers that enforce stricter rules when using classes and inheritance in C++ or Java. SDC Systems are able to produce custom checkers for all of the languages supported by Klocwork static analysis.
KAST or Path Custom Checkers?
Klocwork supports two different types of custom checker: those written against the Klocwork abstract syntax tree (KAST) and those written against the intermediate representation (Path).
KAST checkers are useful for finding syntax-related oddities or idioms that you wish to control, for example as part of a style or coding guideline. KAST checkers operate against the abstract syntax tree that the Klocwork compiler generates from a source module, and work by searching that tree in a hierarchical fashion to locate code constructs that are to be reported. KAST is an XPath-like domain-specific language that provides operators and functions that support the construction of declarative statements identifying the appropriate part of the syntax tree.
Path checkers search for control-flow and data-flow issues, including interprocedural flows. Path checkers operate against an intermediate representation of the code that is called MIR. This structure is like a flowchart, in which each function in the source is represented by a control-flow graph composed of MIR nodes, each node encoding an operation in first order logic and a potential set of incoming and outgoing edges. Path checkers must be written in C++, and follow the control-flow paths through the MIR, searching for the defect you’ve identified. A typical Path checker tracks a value from a source (a starting point for analysis) to a sink (the end point where the defect is detected), using the source and sink ‘trigger’ points you specify.
About Rogue Wave Software
Rogue Wave Software are the largest independent provider of cross-platform software development tools and embedded components in the world. Through decades of solving the most complex problems across financial services, telecommunications, healthcare, government, academia, and other industries, Rogue Wave tools, libraries, and services enable developers to write better code, faster. More details…
Find out more…
For more information on Klocwork static analysis, custom checkers and taxonomies from SDC Systems or to request a 7-day free trial, please complete the form below.