than the classical lint, products that are capable of discovering a very broad
range of potential problems in program code, of which the syntax errors that
prevent a compiler from translating the code at all are only a small part. A few
examples of the problem domains that can be uncovered by static analysis are as
follows:
syntax errors,
missing or inconsistent function prototypes,
inconsistencies in the passing of parameters to functions,
references to or joining of incompatible types,
use of uninitialized variables,
nonportable constructs,
unusual or implausible use of particular language constructs,
unreachable code sequences,
A prerequisite for stringent type checking by automated tools is the use of
function prototypes. With prototypes in scope, an ISO-conforming C compiler can
check, across all modules, the types and number of the arguments passed to each
function and detect inconsistencies. Many compilers can also be made to analyze
the source code, since they recognize many problems once the appropriate
warning levels are turned on. The C/C++ compiler gcc of the GNU project of the
Free Software Foundation, for example, possesses above-average analysis
functions, which can be activated with the options -Wall -ansi and -pedantic.[2]
Note that -ansi selects the C89/C90 language standard (it is equivalent to
-std=c90); for code written to C99 or later, the corresponding -std= option
should be used together with -pedantic, and -Wextra enables further checks
beyond -Wall.
For static testing during the development of the FLINT/C functions, in addition
to compiling them with a number of different compilers (see page 8), two
products were used primarily: PC-lint from Gimpel Software (version 7.5; see
[Gimp]) and Splint from the Secure Programming Group at the University of
Virginia (version 3.1.1; see [Evan]).[3]
PC-lint has proved itself to be a very useful tool for testing both C and C++
programs. It recognizes approximately two thousand distinct problems and uses
value tracking, which to a limited extent derives from the code the values that
automatic variables will hold at run time and includes them in the diagnosis. In
this way many problems, such as array indices that exceed their bounds, which
are otherwise detected, if at all, only at run time (during testing, one hopes,
and not afterwards), can be uncovered already during static analysis.
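The two points made above, prototypes as the basis for compile-time type checking and array-bounds violations as the kind of defect a value-tracking lint finds, as an added example in C that is not part of the FLINT/C sources: a tiny digit-array module in which every function is prototyped before use, an accessor is given in an unchecked and a bounds-checked form, and a comment lists the mismatched calls that the prototypes let gcc -Wall -pedantic diagnose. The type digit_t, the capacity DIGIT_CAP and the bn_* names are assumptions chosen for this example, not FLINT/C's own CLINT types and limits.

```c
/*
 * Added example (not FLINT/C code). Every function has a prototype in
 * scope before it is called, so an ISO C compiler checks argument count
 * and types at each call site; the digit accessor is shown unchecked and
 * bounds-checked. DIGIT_CAP, digit_t and the bn_* names are assumptions
 * for this example; the real library uses its own CLINT types and limits.
 */
#include <stddef.h>
#include <string.h>

#define DIGIT_CAP 8u                  /* assumed capacity in 16-bit digits */

typedef unsigned short digit_t;

typedef struct {
    unsigned short len;               /* digits in use, 0..DIGIT_CAP */
    digit_t d[DIGIT_CAP];             /* little-endian digit array */
} bignum_t;

/* Prototypes, as a shared header would provide them to every module. */
int     bn_set(bignum_t *n, const digit_t *src, size_t count);
int     bn_get_digit(const bignum_t *n, size_t i, digit_t *out);
digit_t bn_get_digit_unchecked(const bignum_t *n, size_t i);
int     run_checks(void);

/*
 * With the prototypes above in scope, gcc -Wall -pedantic reports each of
 * the following calls (as an error or a warning, depending on the gcc
 * version); with only pre-ANSI declarations without parameter lists they
 * compile and misbehave at run time:
 *
 *   bn_get_digit(&x, 0);               too few arguments
 *   bn_get_digit(&x, 0, &some_ulong);  incompatible pointer type for 'out'
 *   bn_set(&x, 3, src);                integer passed where pointer expected
 */

int bn_set(bignum_t *n, const digit_t *src, size_t count)
{
    if (n == NULL || src == NULL || count > DIGIT_CAP)
        return -1;
    memset(n, 0, sizeof *n);          /* no uninitialized digits remain */
    memcpy(n->d, src, count * sizeof *src);
    n->len = (unsigned short)count;
    return 0;
}

/* 'Before': the caller must guarantee i < n->len. The compiler checks the
 * argument types here but not a run-time index; flagging a call such as
 * bn_get_digit_unchecked(&x, DIGIT_CAP) across the call boundary is the
 * kind of value tracking a lint adds. */
digit_t bn_get_digit_unchecked(const bignum_t *n, size_t i)
{
    return n->d[i];
}

/* 'After': the same lookup with pointers and bounds checked, so a bad
 * index becomes a return code instead of an out-of-bounds read. */
int bn_get_digit(const bignum_t *n, size_t i, digit_t *out)
{
    if (n == NULL || out == NULL)
        return -1;
    if (i >= n->len || i >= DIGIT_CAP)
        return -1;
    *out = n->d[i];
    return 0;
}

/* Exercises both forms on constructed sample digits and returns how many
 * of the expected outcomes held (7 when everything behaves as described). */
int run_checks(void)
{
    static const digit_t src[3] = { 0x0001u, 0x0002u, 0x0003u }; /* constructed */
    bignum_t x;
    digit_t out = 0;
    int ok = 0;

    ok += (bn_set(&x, src, 3) == 0 && x.len == 3);
    ok += (bn_get_digit(&x, 2, &out) == 0 && out == 0x0003u);
    ok += (bn_get_digit(&x, 3, &out) == -1);            /* past len */
    ok += (bn_get_digit(&x, DIGIT_CAP, &out) == -1);    /* past capacity */
    ok += (bn_get_digit(NULL, 0, &out) == -1);          /* null object */
    ok += (bn_set(&x, src, DIGIT_CAP + 1) == -1);       /* oversize input, x unchanged */
    ok += (bn_get_digit_unchecked(&x, 0) == 0x0001u);   /* in-range use */
    return ok;
}

int main(void)
{
    return run_checks() == 7 ? 0 : 1;
}
```

Compile it with gcc -Wall -Wextra -pedantic -std=c90 and then uncomment one of the three calls in the comment block to see the prototype-based diagnostics; running splint or PC-lint over the same file shows the complementary check, an out-of-range constant index passed to bn_get_digit_unchecked, which the type checker alone has no way to see.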
[2] The compiler is included in the various Linux distributions and can also be obtained from
http://www.leo.org .
[3] Splint is the successor to the tool LCLint, which was developed in cooperation with the
Massachusetts Institute of Technology and Digital Equipment Corporation (DEC). Splint can be
found at the address http://splint.cs.virginia.edu/ .