Wireshark-dev: Re: [Wireshark-dev] checkapi

From: Evan Huus <eapache@xxxxxxxxx>
Date: Fri, 22 Apr 2016 10:48:44 -0400
On Fri, Apr 22, 2016 at 10:24 AM, Jeff Morriss
<jeff.morriss.ws@xxxxxxxxx> wrote:
>
>
> On Fri, Apr 22, 2016 at 3:28 AM, Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
> wrote:
>>
>> Just thinking for this for about 30 secs, is there another way?  checkAPIs
>> seems to be a very rudimentary (not meant in any derogatory way just because
>> it's written in Perl :_)) static code analyser.  Is there any way an actual
>> code analyser could be used with a configuration file listing the banned
>> API's etc.?  I guess one issue with that approach is that all the static
>> analysers I've used are quite slow, although that's maybe because I have
>> them turned up to 11.
>
>
> There are; someone (Evan?) suggested a couple of options a few years ago but
> I guess no one had enough interest to do anything about it.  But either my
> memory is wrong or my Google-fu isn't working well today because all I'm
> finding is a suggestion from Sebastien way back in 2008 (I really thought it
> was discussed more recently than that--and with more suggestions):
>
> https://www.wireshark.org/lists/wireshark-dev/200805/msg00128.html

I think I remember talking about http://cppcheck.sourceforge.net/ -
IIRC it lets you define custom rules either as regexes or as more
complex scripts on the C/C++ AST, though I haven't looked at it in a
while.

> Of course I doubt such tools could fully replace checkAPIs: it has a lot of
> custom stuff in there like ensuring various arrays are NULL terminated and
> that hf fields are appropriate (writing the regex to match all the hf array
> entries was all sorts of challenging fun :-)).

This may be somewhere a little bit of AST might go a long way, but it
would certainly be a lot of work to migrate everything over.

> (You really should just come on over to the world of Perl; eventually you'll
> wonder how you ever got along without it! ;-))
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe