Plug-In Tutorial: C++ Version

• Preliminaries
• Part One
• Part Two

Preliminaries

It is important to build your plug-in with the same pointer width as that of your CodeSonar installation. Otherwise, the plug-in build will fail and report errors in cs_basic_types.h.

• If you are not sure whether you are using 32-bit or 64-bit CodeSonar, look at the "Host Platform" line in $CSONAR/SIGNATURE.txt.
• We provide command lines for some common cases below; in other cases you will need to consult your compiler documentation.

Part One

The plug-in for Part One implements a check for variable names containing upper case characters. There are three important elements in the plug-in:

• Creating a new warning class for the warnings that will be issued when variables contain upper case characters.
• Defining a function that takes a symbol and, if it corresponds to a user-defined variable, checks the case of the characters in the variable name.
• Attaching that function to the visitor list for variable symbols.

• UCvar_plugin.cpp
• Preliminaries
• Build
• Install
• Exercise
• Clean Up

UCvar_plugin.cpp

File UCvar_plugin.cpp is reproduced below.

  //
//      Copyright (c) 2023, an unpublished work by CodeSecure, Inc.
//                      ALL RIGHTS RESERVED
//
//      Copyright (c) 2017-2023, an unpublished work by GrammaTech, Inc.
//                      ALL RIGHTS RESERVED
// 
//      This software is furnished under a license and may be used and
//      copied only in accordance with the terms of such license and the
//      inclusion of the above copyright notice.  This software or any
//      other copies thereof may not be provided or otherwise made
//      available to any other person.  Title to and ownership of the
//      software is retained by CodeSecure, Inc.
// 

// UCvar_plugin.cpp
// 
//  A small example plugin that reports declarations for variables
//  whose names contain upper case characters.

// Must precede #include "csonar_api.hpp".
#define CS_CPP_IMPL

// For Visual C++
#define _CRT_SECURE_NO_WARNINGS 1
 
// Include the entire CodeSonar C++ API.
#include "csonar_api.hpp"  
 
// for std::cout
#include <iostream>

// for isupper
#include <cctype>



// The plug-in defines a new warning class to go with its new check. We
// do not associate any CodeSonar mnemonics or CWE identifiers with the
// new class, as none are appropriate.  The new warning class must be
// created either in the top level scope or inside cs_plug_main().

static cs::warningclass upvar_wc = cs::analysis::create_warningclass(
    "Variable name has upper case characters",
    "",
    1.0,
    cs::warningclass_flags::PADDING,
    cs::warning_significance::STYLE
    );


// Visitors should be at the finest granularity that is appropriate
// for the check. This plug-in is checking a property of variable
// names, so we define a visitor that operates on symbols.

class check_var_case: public cs::visitor<cs::symbol>
{
  void operator()(cs::symbol sym){
    std::string nm = sym.name();                   // cs::symbol::name()

    // If there are one or more upper case characters and the variable
    // is declared in user code, issue a warning and return.
    for ( std::string::iterator it=nm.begin(); it!=nm.end(); ++it){
      if (isupper(*it)){
        
        try {
          cs::sfileinst_line_pair symfl = sym.file_line();
          if (!symfl.first.is_system_include()){   // cs::sfileinst::is_system_include()
            upvar_wc.report(symfl.first,
                            symfl.second,
                            "Variable name " + nm + " has upper case character");
            
            return;
          }
        }
        catch( const cs::result &r ){
            // If no position, do not report warning. Rethrow any
            // other cs::result exceptions.
          if (r==cs::result::NO_POSITION) return;
          throw;
        }
      }
    }
  }
};

// Create an instance of check_var_case, and add it as a symbol
// visitor.  Visitors must be added either in the top-level scope or
// in cs_plug_main().
static char dummy = (cs::analysis::add_symbol_visitor(new check_var_case()), 0);    

// Every C++ plug-in for CodeSonar must define this function. 
static void cs_plug_main(void){}


// All CodeSonar C++ plug-ins must finish with a line of this form (at
// the top level). Note that the argument UCvar_plugin to
// CS_DEFINE_PLUGIN corresponds to the name of the compiled plug-in
// (which will be UCvar_plugin.dll, UCvar_plugin.bundle, or
// UCvar_plugin.so, depending on your system).
CS_DEFINE_PLUGIN(UCvar_plugin)

  

Build

Build the plug-in into a library.

• Choose the appropriate command line from the following table. Compilation instructions vary slightly depending on your operating system.
  • Windows
  • All other systems

  	Compiler	Command Line	Notes
  Windows
  	cl	cl /LD /MD /EHsc "/I%CSONAR%\codesonar\include" "/I%CSONAR%\csurf\include" UCvar_plugin.cpp "%CSONAR%\codesonar\lib\codesonar.lib"	If you are using 64-bit CodeSonar, use 64-bit cl (see How to: Enable a 64-Bit Visual C++ Toolset on the Command Line).
  	Cygwin g++	Note: Cygwin g++ is only suitable for building 32-bit CodeSonar plugins. Cygwin g++ only builds Cygwin binaries, so is not suitable for building CodeSonar plug-ins. If you do not have an alternative g++, you will need to download and install one. One option is mingw-w64. Cygwin 1.7 Use the g++-3 executable (not g++ / g++-4, which does not support -mno-cygwin). If you do not have a g++-3 binary, use Cygwin's setup.exe tool to install the mingw-g++ component. g++-3 -shared -mno-cygwin "-I$CSONAR/codesonar/include" "-I$CSONAR/csurf/include" UCvar_plugin.cpp -o UCvar_plugin.dll "-L$CSONAR/codesonar/lib" -lcodesonar Cygwin 1.5 g++ -shared -mno-cygwin "-I$CSONAR/codesonar/include" "-I$CSONAR/csurf/include" UCvar_plugin.cpp -o UCvar_plugin.dll "-L$CSONAR/codesonar/lib" -lcodesonar	If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless your compiler version will not accept it).
  	MinGW g++	g++ -shared "-I$CSONAR\codesonar\include" "-I$CSONAR\csurf\include" UCvar_plugin.cpp -o UCvar_plugin.dll "-L$CSONAR\codesonar\lib" -lcodesonar	If you are using 64-bit CodeSonar, use 64-bit MinGW g++. Note that, depending on your system configuration, this may not be the version invoked by the 'g++' command - in this case you will need to either adjust your environment or use a different name to invoke the correct compiler. If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless your g++ version will not accept it).
  All Other Systems We provide a full example for g++. For other compilers, build UCvar_plugin.so from UCvar_plugin.cpp, including $CSONAR/codesonar/include and $CSONAR/csurf/include.
  	g++	g++ -fPIC -shared -o UCvar_plugin.so UCvar_plugin.cpp -I$CSONAR/codesonar/include -I$CSONAR/csurf/include	If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless it causes problems).

See Writing C++ Plug-Ins For CodeSonar for further compilation details and troubleshooting hints.

Install

Install the plug-in:

• Copy or move your compiled plug-in (UCvar_plugin.dll, UCvar_plugin.so, or UCvar_plugin.bundle) to directory
  $CSONAR/codesonar/plugins/
  (If you don't have access to this directory, use the PLUGINS configuration file option to specify the file path for your compiled plug-in.)

Exercise

We have provided an extremely short example program to exercise the plug-in. You can also try building other programs into CodeSonar projects to see how many variables they contain whose names include upper case letters.

• Build testvar.c into a CodeSonar project. Your exact build command will, as always, depend on your local build tools and on the hub location (host:port). In many cases, one of the following will suffice:

  with cl:	codesonar analyze testvar host:port cl /c testvar.c
  with gcc:	codesonar analyze testvar host:port gcc -c testvar.c

  See Building Projects (Command Line) or Building Projects (Windows Build Wizard) for more information about building a CodeSonar project.
• Look at the analysis results to see where the warnings are issued and what the warning reports look like.

  Note that procedure names are not associated with the warnings. This is because we used cs::warningclass::report(sfileinst, line_number, std::string, report_flags), which reports a warning at a code location without reporting a procedure name (because, among other reasons, a line may contain multiple procedures).

Clean Up

If you don't want to be warned in future about variable names containing upper case letters:

• Remove the compiled plug-in (UCvar_plugin.dll, UCvar_plugin.so, or UCvar_plugin.bundle) from $CSONAR/codesonar/plugins/

  (If you used an alternative location, remove the associated PLUGINS configuration file setting).

Part Two

The plug-in for Part Two implements a check for mismatched parentheses in the output of a program. This involves setting up a step visitor to ensure that the control-flow paths in the program involve properly balanced calls to the procedures that write opening and closing parentheses.

• callseq_plugin.cpp
• Build
• Install
• Exercise
• Clean Up

callseq_plugin.cpp

callseq_plugin.cpp contains comments describing the various elements of the plug-in. See these comments for details.

Build

Build the plug-in into a library.

• Choose the appropriate command line from the following table. Compilation instructions vary slightly depending on your operating system.
  • Windows
  • All other systems

  	Compiler	Command Line	Notes
  Windows
  	cl	cl /LD /MD /EHsc "/I%CSONAR%\codesonar\include" "/I%CSONAR%\csurf\include" callseq_plugin.cpp "%CSONAR%\codesonar\lib\codesonar.lib"	If you are using 64-bit CodeSonar, use 64-bit cl (see How to: Enable a 64-Bit Visual C++ Toolset on the Command Line).
  	Cygwin g++	Note: Cygwin g++ is only suitable for building 32-bit CodeSonar plugins. Cygwin g++ only builds Cygwin binaries, so is not suitable for building CodeSonar plug-ins. If you do not have an alternative g++, you will need to download and install one. One option is mingw-w64. Cygwin 1.7 Use the g++-3 executable (not g++ / g++-4, which does not support -mno-cygwin). If you do not have a g++-3 binary, use Cygwin's setup.exe tool to install the mingw-g++ component. g++-3 -shared -mno-cygwin "-I$CSONAR/codesonar/include" "-I$CSONAR/csurf/include" callseq_plugin.cpp -o callseq_plugin.dll "-L$CSONAR/codesonar/lib" -lcodesonar Cygwin 1.5 g++ -shared -mno-cygwin "-I$CSONAR/codesonar/include" "-I$CSONAR/csurf/include" callseq_plugin.cpp -o callseq_plugin.dll "-L$CSONAR/codesonar/lib" -lcodesonar	If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless your compiler version will not accept it).
  	MinGW g++	g++ -shared "-I$CSONAR\codesonar\include" "-I$CSONAR\csurf\include" callseq_plugin.cpp -o callseq_plugin.dll "-L$CSONAR\codesonar\lib" -lcodesonar	If you are using 64-bit CodeSonar, use 64-bit MinGW g++. Note that, depending on your system configuration, this may not be the version invoked by the 'g++' command - in this case you will need to either adjust your environment or use a different name to invoke the correct compiler. If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless your g++ version will not accept it).
  All Other Systems We provide a full example for g++. For other compilers, build callseq_plugin.so from callseq_plugin.cpp, including $CSONAR/codesonar/include and $CSONAR/csurf/include.
  	g++	g++ -fPIC -shared -o callseq_plugin.so callseq_plugin.cpp -I$CSONAR/codesonar/include -I$CSONAR/csurf/include	If you are using 32-bit CodeSonar on a 64-bit platform, add the -m32 flag to the command line (unless it causes problems).

Install

Install the plug-in:

• Copy or move your compiled plug-in (callseq_plugin.dll, callseq_plugin.so, or callseq_plugin.bundle) to directory
  $CSONAR/codesonar/plugins/
  (If you don't have access to this directory, use the PLUGINS configuration file option to specify the file path to your compiled plug-in.)

Exercise

We have provided an extremely short example program to exercise the plug-in.

• Build callseq_sample.c into a CodeSonar project. Your exact build command will, as always, depend on your local build tools and on the hub location (host:port). In many cases, one of the following will suffice:

  with cl:	codesonar analyze callseq host:port cl /c callseq_sample.c
  with gcc:	codesonar analyze callseq host:port gcc -c callseq_sample.c

  See Building Projects (Command Line) or Building Projects (Windows Build Wizard) for more information about building a CodeSonar project.
• Look at the analysis results to see where the warning is issued, where the warning name appears in the results, and where the warning message appears.

Clean Up

If you don't want to use this plug-in in future:

• Remove the compiled plug-in (callseq_plugin.dll, callseq_plugin.so, or callseq_plugin.bundle) from $CSONAR/codesonar/plugins/

  (If you used an alternative location, remove the associated PLUGINS configuration file setting).

More on Plug-Ins

General Information:

Specific API Language: