Static syntax analysis

'''Static syntax analysis''' refers to [debugging] that can be done via
inspection of the code for a program, without actually running the program.


** See Also **

   [http://phaseit.net/claird/comp.lang.tcl/tcl_compilers.html#analyzers%|%static analyzers]:   another list by [Cameron Laird]
   
   [debugging]:   

   [Brace-level pretty printer]:   

   [Statically verifying arithmetic and regular expressions]:   [AM] 2007-08-18:  an idea to check such various Tcl "sublanguages" as the arithmetic and regular expressions

   [http://grok2.tripod.com/code_comprehension.html%|%Source Code Comprehension Tools]:   an older list

   [http://www.msen.com/~clif/TclLint.html%|%Comparison of Static Tcl Code Validity Testers]:   a comparison done circa 1997 by the developer of [TclTutor].


** Description **


''Static [syntax] analysis'' is the process of looking at a text file and
attempting to identify errors, warnings, etc. from the text without executing
the code.  This is tricky to do in-depth because in an interpretive
environment, programmers often make use of dynamic techniques for code
generation, etc.  These dynamic code fragments typically won't be evaluated
during a static syntax sweep. Another shortcoming, at least as far as procheck
and frink go, is that they operate only on the source code specified on the
command line.  This means that calls to auto[load]ed or ''[source]''d commands
are treated as unknowns, unless the file in which they are defined was
specified '''before''' the invocation.

A [C] programmer will be familiar with a program called '''lint'''; this program
provides static syntax analysis for C.


** Analysing C **

   [CBrowser]:   open-source GUI front end to source-code searching tools.  Primarily designed to work with cscope, but also works with cs.

   [logiscope c rulechecker]:   a proprietary product that allows users to define and verify coding rules in Tcl

   [http://euclide.gforge.inria.fr/%|%Euclide%|%]:    is a new Constraint-Based Testing tool for verifying safety-critical C programs. By using a mixture of symbolic and numerical analyses (namely static single assignment form, constraint propagation, integer linear relaxation and search-based test data generation), it addresses three distinct applications in a single framework: structural test data generation, counter-example generation and partial program proving. 

Euclide is written in [Prolog] with a Tcl interface and a Tk GUI.

[http://euclide.gforge.inria.fr/img/euclide_v0_1_small.jpg]


** Analyzing Tcl **

   [frink]:   source code formatter with syntax and style checking

   [Nagelfar]:   reads one or more Tcl scripts and checks them for correctness, conflicts and even a little style.

   [_scriptFormat]:   reads one Tcl script and fixes indentation. Simplistic and open source.

   [XotclIDE]:   includes a syntax checker for Tcl and [XOTcl] code

   [TDK]:    has a program called ''tclchecker'' that does static syntax

   [ProCheck%|%procheck]:   a component of [TclPro]

   [Sugar]:    a macro system that can be used as a programmable SSA tool.

   [SoftGuard]:    appears to do at least some sorts of SSA [[Does SoftGuard deserve its own page in the Wiki?  I think so.  Anyone familiar with it?  The web page mentions sgxCP profiling, sgxCT tracing, sgxDbg procedure debugging, sgxRSM resource standard metrics, and sgxTVC variable consistency testing]]

   [Source Navigator]:   code-analysis and comprehension tool that provides a graphic framework for understanding and re-engineering large or complex software projects

   [http://avl.enemy.org/TclTk/bracecheck.tcl%|%bracecheck], by [Andreas Leitgeb]:   a "mostly heuristic script ... which compares bracing with indentation ..."

   [tclCheck], by [Lindsay Marshall]:   A very simple [C] program that carries out a sanity check for brackets and their nesting.

   [tclint], by Noah Moroze:   is a lint tool for Tcl. It analyzes Tcl source files and reports issues that may cause bugs, inhibit readability, or affect performance. This is a Python program which lints Tcl code. It also installs [tclfmt], a Tcl formatting tool.

   [https://wiki.tcl-lang.org/page/TclOK_script_checker%|%TclOK%|%], by [https://dashthru.com%|%DashThru Technology%|%]:   A Tcl script checking tool targeted at the chip design industry, with native support for SDC (Standard Design Constraint) and UPF (IEEE-1801) commands, which are widely used in EDA tools.

   [ttclcheck]:   advanced syntax checker for Tcl, TclOO, XOTcl, ITcl code with html generation.

   [tcl-golems]:   Count lines, find mismatched braces/quotes.

   [tclparse]:   A static analysis tool for Tcl 7.6 and Tk 4.2 programs.

   tcl_cruncher ([ftp://ftp.tcl.tk/pub/tcl/mirror/ftp.procplace.com/alcatel/code/tcl_cruncher-1.11.tar.gz%|%download]):   transforms nice Tcl 7.x/TclX/Itcl sources into an ugly but faster standard output: it removes all unneeded white spaces, ; , all comments, etc... the result is unreadable, but can be twice as fast & as small as the original. It can also be used to check the syntax of your programs.

   [https://github.com/aidanhs/tclscan%|%tclscan]:   [Rust] program that scans Tcl for command injection.

   [https://voidsec.com/announcing-ecgs-closed-beta/%|%ECG]:   is a TCL static source code analysis tool. It is a commercial solution able to detect real and complex security vulnerabilities in TCL/ADP source-code.



<<categories>> Debugging