HP C-aC++ White Paper

HP C/aC++ Version 6 Features to Improve Developer Productivity
Version 1.6
Introduction
What’s New
Compile Time Diagnostics
Security Diagnostics
Customization of Compiler Diagnostics
Runtime Checking
Execution Path Recovery
Further information
Introduction
The most time-consuming and expensive task in software development is finding and fixing defects. The later a defect is found in the software development process, the costlier it gets. A bug found and fixed at the coding or testing stage is far less expensive than the same bug found by a user after the product is released. The HP compilers for Integrity provide a number of features to help software developers detect potential problems in their programs earlier in the process.
Compile time diagnostics and run time checks allow the developer to identify many common problems before the code is checked in. In addition, the compiler supports enhanced debugging capabilities. The Execution Path Recovery feature of the compiler can backtrack the execution path from the crash point in a core file or from a breakpoint in the debugger.
All of the above features of the compiler lower maintenance and support costs and free up developers to spend more time implementing new features.
What’s New
The A.06.20 release of the HP C and C++ compilers provides +check=lock|thread feature, in addition to improvements on the features provided by older versions.
The A.06.15 release of the HP C and C++ compilers provides +wlock, +wperfadvice, +Wmacro and +check=bounds:pointer|globals|truncate features, in addition to improvements on the features provided by older versions. This version also introduces the execution path recovery (+pathtrace) feature to backtrack the execution path from the crash point in a core file or from a breakpoint in the debugger.
The A.06.10 release of the HP C and C++ compilers provides the +wendian option and improvements to the existing developer productivity features. This release also introduces a new C/C++ static analysis tool, HP Code Advisor, which provides all the compile time diagnostic features of the Integrity compilers. This tool is available free of cost on HP-UX Integrity and PA-RISC. For more information, visit the HP Code Advisor (cadvise) homepage.
The compiler features to improve developer productivity are available starting with the A.06.05 release of the HP C and C++ compilers. The A.06.05 release provides +wlint, +w64bit, +wsecurity and +check=all|none|bounds|malloc|stack|uninit options.
Version 6 of the HP C and C++ compilers provides a rich set of diagnostics that are available by default and with the +w, +Oinfo and +Oinitcheck options.
Compile Time Diagnostics
The HP compilers contain numerous checks for potential correctness problems. Some diagnostics are emitted by default while others are enabled via explicit options listed below:
+wlint
This option enables several warnings in the compiler that are similar to the functionality of lint check. These compile time diagnostics can be very useful in detecting potential problems in the source code. The number of warnings with this option may be up to 5-10 times more than those emitted by default by the compiler.
Example
$ cat bitfield.c
struct { int bit:1; } s;

void test()
{
    s.bit = 1;
}
$ cc -c +wlint bitfield.c
"bitfield.c", line 1: warning #2108-D: signed bit field of length 1
  struct { int bit:1; } s;
               ^
"bitfield.c", line 5: warning #4251-D: the assignment has an excessive size for a bit field
      s.bit = 1;
            ^
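What the two warnings above mean at run time, as an added example that is not part of the white paper: a signed 1-bit field can only represent 0 and -1, so the value 1 that bitfield.c stores cannot survive, and a flag test written as "== 1" never succeeds. The struct and function names are this example's own.

```c
#include <stdio.h>

/* The field +wlint flagged: a signed 1-bit field can only represent
 * 0 and -1, so it cannot hold the value 1 that bitfield.c stores. */
struct signed_flag { signed int bit:1; };

/* The usual intent, expressed so the field can hold 0 or 1. */
struct unsigned_flag { unsigned int bit:1; };

/* Store a run-time value in the signed field and read it back.
 * Narrowing into a signed bit field is implementation-defined;
 * GCC and Clang keep the low bit, so storing 1 reads back as -1. */
int signed_bitfield_after_store(int value)
{
    struct signed_flag s;
    s.bit = value;
    return s.bit;
}

int unsigned_bitfield_after_store(int value)
{
    struct unsigned_flag u;
    u.bit = value;
    return u.bit;
}

/* A check written as "== 1" is where the defect surfaces: it is never
 * true for the signed field, so the flag appears permanently clear. */
int signed_flag_is_set(void)   { return signed_bitfield_after_store(1) == 1; }
int unsigned_flag_is_set(void) { return unsigned_bitfield_after_store(1) == 1; }

int main(void)
{
    printf("signed   1-bit field after storing 1: %d\n", signed_bitfield_after_store(1));
    printf("unsigned 1-bit field after storing 1: %d\n", unsigned_bitfield_after_store(1));
    return 0;
}
```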
Other notable examples of warnings enabled with the +wlint option:
Argument is incompatible with formal parameter
Function declared implicitly
Function is re-declared after being called
Type conversion may truncate value
Unsigned value cannot be less than zero
Missing return statement at end of non-void function
Nested comment is not allowed
Signed bitfield of length 1
Memory leak
Potential null pointer dereference
Detection of uncaught exceptions
Uninitialized variables
+w64bit
This option enables warnings that help you detect potential problems in converting 32-bit applications to 64-bit. The +w64bit option applies both to 32 bit and 64 bit compilers. It is equivalent to the +M2 option. Some of the checks performed are:
A 64-bit value is implicitly converted to a 32-bit value, e.g. long to int.
Pointer to 4-byte aligned object implicitly converted to a pointer to 8-byte aligned object.
Example
$ cat convert.c
int *int_to_ptr (int i)
{
    return (int *)i;
}
$ cc -c +w64bit convert.c
"convert.c", line 3: warning #4231-D: 64 bit migration: conversion between types of different sizes has occurred (from "int" to "int *")
      return (int *)i;
             ^
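Why the conversion in convert.c is more than a style issue, shown as an added example rather than the paper's code: on an LP64 target (64-bit HP-UX, 64-bit Linux) an int is 32 bits and a pointer is 64, so a pointer passed through an int loses its upper half, while intptr_t is defined to round-trip it. The sample address is constructed and never dereferenced; the function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* The pattern +w64bit flags in convert.c: a pointer squeezed through an
 * int. Casting via intptr_t keeps the compiler quiet but not the data. */
int ptr_to_int(const void *p) { return (int)(intptr_t)p; }
const void *int_to_ptr(int i) { return (const void *)(intptr_t)i; }

/* The portable alternative: intptr_t is wide enough for any object pointer. */
intptr_t ptr_to_intptr(const void *p) { return (intptr_t)p; }
const void *intptr_to_ptr(intptr_t i) { return (const void *)i; }

/* 1 if the pointer survives a trip through int, 0 if it was truncated. */
int survives_int_roundtrip(const void *p)
{
    return int_to_ptr(ptr_to_int(p)) == p;
}

/* 1 if the pointer survives a trip through intptr_t (always, per C99). */
int survives_intptr_roundtrip(const void *p)
{
    return intptr_to_ptr(ptr_to_intptr(p)) == p;
}

/* Constructed address just above the 4 GiB line, typical of a 64-bit
 * heap or stack; it is only compared, never dereferenced. */
const void *sample_high_address(void)
{
    return (const void *)(uintptr_t)0x100000010ULL;   /* constructed */
}

int main(void)
{
    const void *p = sample_high_address();
    printf("sizeof(int)=%zu sizeof(void*)=%zu\n", sizeof(int), sizeof(void *));
    printf("through int:      %s\n", survives_int_roundtrip(p) ? "intact" : "truncated");
    printf("through intptr_t: %s\n", survives_intptr_roundtrip(p) ? "intact" : "truncated");
    return 0;
}
```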
+wendian
This option enables diagnostics that identify areas in the source code that might have porting issues between little-endian and big-endian platforms. For example:
de-reference which could cause endian-dependent behavior
Union definition that is endian dependent
Example
$ cat endian.c
union u1 {
    char c[4];
    int v;
};
$ cc -c +wendian endian.c
"endian.c", line 1: warning #4289-D: endian porting: the definition of the union may be endian dependent
  union u1 {
  ^
+wlock
This option detects multi-threaded programming issues and enables diagnostics for potential errors in using lock/unlock calls in multi-threaded programs that use the pthread library. This is based on cross-module analysis performed by the compiler, which is much more powerful than simple scanning and parsing tools. The +wlock option implicitly enables a limited form of cross-module analysis even if the -ipo or +O4 options are not specified. This may lead to a significant increase in compile time in comparison to a build without the +wlock option. Using this option may result in the compiler invoking optimizations other than those which are part of the specified optimization level. If +wlock is used with the -ipo or +O4 option, the generated code is not affected and the compile time does not increase much.
The problems detected by +wlock diagnostics include:
acquiring an already acquired lock
releasing an already released lock
unconditionally releasing a conditionally acquired lock
Example
$ cat lock.c
#include <pthread.h>
#include <stdio.h>
int a;
pthread_mutex_t Mutex;

void perform_operation(pthread_mutex_t* mutex1, int increment, int* global)
{
    if (increment > 10) {
        int status = pthread_mutex_lock(mutex1);
    }
    *global = *global + increment;
    int status = pthread_mutex_unlock(&Mutex);
}

int main(void)
{
    int i;
    scanf("%d", &i);
    perform_operation(&Mutex, i, &a);
    printf("%d is value\n", a);
}
$ cc +wlock lock.c
"lock.c", line 12: warning #20223-D: Trying to unlock a lock held conditionally
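The lock discipline that clears warning #20223-D, as an added example rather than the paper's own code: the mutex is released only on the paths where it was acquired, through the same pointer it was acquired through, and a failed lock call does not fall through to the shared update. The function names perform_operation_fixed and run_fixed_example are this example's own.

```c
#include <pthread.h>
#include <stdio.h>

int a;
pthread_mutex_t Mutex = PTHREAD_MUTEX_INITIALIZER;

/* Corrected perform_operation from lock.c: the unlock is guarded by the
 * same condition as the lock and uses the same mutex pointer, so every
 * path releases exactly what it acquired. In real code the simpler fix
 * is usually to lock unconditionally; the conditional form is kept here
 * to mirror lock.c. Returns 0 on success or the pthread error code. */
int perform_operation_fixed(pthread_mutex_t *mutex1, int increment, int *global)
{
    int locked = 0;
    int status = 0;
    if (increment > 10) {
        status = pthread_mutex_lock(mutex1);
        if (status != 0)
            return status;      /* never touch *global without the lock */
        locked = 1;
    }
    *global = *global + increment;
    if (locked)
        status = pthread_mutex_unlock(mutex1);
    return status;
}

/* Drive the fixed function over both paths (unlocked and locked) and
 * return the final value of the shared counter. */
int run_fixed_example(void)
{
    a = 0;
    perform_operation_fixed(&Mutex, 5, &a);    /* increment <= 10: no lock taken */
    perform_operation_fixed(&Mutex, 20, &a);   /* increment > 10: lock/unlock pair */
    return a;
}

int main(void)
{
    printf("%d is value\n", run_fixed_example());
    return 0;
}
```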
+wperfadvice
This option enables performance advisory messages. It offers both integrity-specific and architecture-independent performance advice. The advice emitted is dependent on the optimization options used for compilation.
Example
$ cat large.c
struct X {
    int i;
    int arr[1000];
} x;

int foo(struct X);
int main() {
    foo (x);
}
$ cc -c +wperfadvice large.c
"large.c", line 8: warning #4319-D: performance advice: passing a large (4004 bytes) parameter by value is inefficient, consider passing by reference
    foo (x);
    ^
+w
Enable all warnings about potentially questionable constructs in the compiler. This includes warnings such as +wlint and +w64bit warnings. The number of warnings with this option may be up to 5-10 times more than those emitted with +wlint. Some examples of warnings enabled with +w option:
Variable is declared but never referenced
Comparison of unsigned integer with signed integer
Padding size of structure to alignment boundary
Argument is incompatible with corresponding format string conversion
+Oinfo
This option displays informational messages about the optimization process. It may be helpful in understanding what optimizations are occurring. These messages are not emitted with the +w option.
+Oinitcheck
This option enables warnings about local variables that may be used before they are defined. Many of the warnings generated with this option may be false positives.
Security Diagnostics
+wsecurity
This option enables compile time diagnostics for potential security vulnerabilities. Security flaws are not only very costly to fix, but also can lead to a potential loss of customers and reputation. Most developers are not trained to detect security vulnerabilities.
With the +wsecurity option, warnings are emitted for scenarios where untrusted (tainted) data may reach a critical reference point in the program. This is based on cross-module analysis performed by the compiler, which is much more powerful compared to simple scanning and parsing tools. The +wsecurity option implicitly enables a limited form of cross module analysis, even if -
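The kind of flow such a taint analysis reports, shown as an added example that is not from the white paper: a value read from input reaches an array subscript unvalidated, and the checked version validates it before the sink, which is what removes both the warning and the defect. The array, slot values and function names are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>

#define NSLOTS 8
static int slots[NSLOTS];

/* Fill the table with known values; returns the slot count. (constructed) */
int init_slots(void)
{
    for (int i = 0; i < NSLOTS; i++)
        slots[i] = i * 10;
    return NSLOTS;
}

/* Tainted flow: the index comes straight from input and is used to
 * address the array (the "critical reference point") with no bounds
 * check, so out-of-range input reads outside slots[]. Shown for
 * contrast only; nothing here calls it. */
int get_slot_unchecked(const char *input)
{
    int idx = atoi(input);      /* tainted */
    return slots[idx];          /* sink */
}

/* Sanitized flow: parse strictly and validate against the array bound
 * before the value is used. Returns 0 and stores the slot value on
 * success, -1 if the input is rejected. */
int get_slot_checked(const char *input, int *out)
{
    char *end;
    long idx = strtol(input, &end, 10);
    if (end == input || *end != '\0')   /* not a clean decimal number */
        return -1;
    if (idx < 0 || idx >= NSLOTS)       /* outside the table */
        return -1;
    *out = slots[idx];
    return 0;
}

int main(void)
{
    int v;
    init_slots();
    printf("\"3\"  -> %s\n", get_slot_checked("3", &v) == 0 ? "accepted" : "rejected");
    printf("\"-1\" -> %s\n", get_slot_checked("-1", &v) == 0 ? "accepted" : "rejected");
    return 0;
}
```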