First Look at CDT Code Analysis

Recently, I have been looking at Static Code Analysis for the Eclipse CDT. This allows for quick detection of potential coding problems without requiring a potentially long compile or running the program through another external tool.

Analyzing C/C++ source code makes use of the abstract syntax tree generated by the CDT’s C/C++ parser. A “checker” detects one kind of coding problem using a Visitor pattern to visit elements of interest in the abstract syntax tree of a translation unit/source file. New checkers are contributed via Eclipse’s Extension Point mechanism.

I have begun work on a new checker to warn users if they are attempting to close a file that they did not open yet. The visitor visits expressions looking for an open IASTFunctionCallExpression. Then it needs to find the variable that will store the returned file descriptor from open. The case of assigning the file descriptor to a variable in a declaration statement needs to be handled separately from assignment to an already declared variable. This is because the two types of statements are viewed quite differently in the AST.
The IASTName of the variable is stored in a list of opened file descriptor variables.

Close file descriptor checker in action

Close file descriptor checker in action

A close IASTFunctionCallExpression has its argument compared with the list of previously encountered opened file descriptor variables. If the IASTName for close’s argument does not match any in the list, then we report a warning to the user.

I am hosting my CDT code analysis work in a Git repository on Fedora People. Please take a look!

git clone git://

There is still much work to be done for this checker to be usable for an end-user.

  1. Visit order — it is likely not the case that the visitor will visit code in the order of the control flow of a program.
  2. Secondary variable assignment — we need to handle the case that an opened file descriptor variable may be copied to another variable.
  3. Multiple translation units — we should be able to track file descriptors passed between different files.

2 Responses to “First Look at CDT Code Analysis”

  1. Andrew Overholt Says:

    Very cool stuff, Elliott! I look forward to seeing the fruits of your labour.

  2. erkkilaitila Says:

    you must have some common topics with my work, symbolic analysis.
    I have created theory for source code simulation.
    Please, look at

    Erkki Laitila, PhD, Jyväskylä, Finland

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: