HP Code Advisor

“Detection of Pre-defined or User-defined Coding Guideline Violation”
“Easy to Integrate and Use”
1.2.1 Advanced Static Code Analysis
Cadvise is a powerful static code analysis tool that automatically diagnoses various issues in a
source program. It improves developer productivity by finding defects at code development
time, and leads to more robust and secure software because of fewer escaped defects.
Cadvise leverages advanced cross-file analysis technology from HP compilers. It stores the
diagnosed information in a program database. With the built-in knowledge of system APIs,
cadvise looks deep into the code and provides helpful warnings with fewer false positives.
1.2.2 Defect Detection
Cadvise detects a wide range of coding errors and potential problems such as memory leaks,
use after free, double free, array/buffer out of bounds access, illegal pointer access, uninitialized
variables, unused variables, format string checks, suspicious conversions and casts, out of range
operations, C++ coding style warnings, and so on.
1.2.3 Security Vulnerability Checks
Security flaws are not only very costly to fix, they can also lead to a bad reputation and potential
loss of customers. Cadvise detects security vulnerabilities in the source code such as buffer overflows,
use of unsafe APIs, use of unsafe file paths, unsafe data length arguments, unsafe loop exit conditions,
unsafe use of tainted data, and so on.
1.2.4 Porting and Migration
Cadvise also helps you identify potential problems in converting applications from
32-bit to 64-bit. The porting help is also available in 32-bit mode. This enables you to evaluate
the porting effort before the actual porting begins.
While porting from Linux or Windows to HP-UX, you might encounter problems converting
from little-endian to big-endian. Cadvise identifies instances where different endianness might
produce different results. These instances are very difficult to find manually.
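As an added illustration of the endianness passage above (not code from the HP documentation): the same four bytes decoded in host byte order and decoded explicitly as big-endian, then used in a bounds check. The field layout, function names and sample bytes are assumptions constructed for this example; the page does not state which diagnostics cadvise emits for such code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 4-byte length field in big-endian (network) order.
 * The sender means 256. */
static const unsigned char sample_field[4] = { 0x00, 0x00, 0x01, 0x00 };

/* Endianness-dependent: copies the bytes into an integer as-is, so the
 * result follows the host byte order (256 on big-endian HP-UX,
 * 65536 on a little-endian Linux or Windows host). */
uint32_t read_len_host_order(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);   /* memcpy also avoids unaligned access */
    return v;
}

/* Portable: decodes the field as big-endian on every host. */
uint32_t read_len_be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 1 on a little-endian host, 0 on a big-endian host. */
int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Length validation whose outcome depends on which decoder fed it. */
int len_fits(uint32_t len, size_t buf_size)
{
    return len <= buf_size;
}

int main(void)
{
    uint32_t host = read_len_host_order(sample_field);
    uint32_t be   = read_len_be(sample_field);
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("host-order decode: %lu, fits 512-byte buffer: %d\n",
           (unsigned long)host, len_fits(host, 512));
    printf("explicit BE decode: %lu, fits 512-byte buffer: %d\n",
           (unsigned long)be, len_fits(be, 512));
    return 0;
}
```
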
Further, migrating your applications from PA-RISC to HP Integrity systems is much easier with
the help of cadvise, which helps you identify the differences between the two compilers and
begin porting the code to HP Integrity systems without leaving the familiar PA-RISC environment.
1.2.5 Detection of Pre-defined or User-defined Coding Guideline Violation
Cadvise has a built-in coding guidelines checker which diagnoses violations of the coding
guidelines and emits appropriate diagnostic messages. You can modify the default set of rules
or write your own set of rules to enforce coding guidelines. Cadvise has the appropriate API
header files and a set of sample files along with the corresponding Makefile to rebuild the rules
library.
1.2.6 Easy to Integrate and Use
Cadvise is available for HP-UX developers on both HP Integrity and PA-RISC systems as part
of C and C++ compiler bundles or as a direct download. The default installation location is
/opt/cadvise. Cadvise can be seamlessly integrated with the build process and makefiles.
The reporting tool, cadvise report, helps you filter the important warnings without getting lost
in tons of trivial warnings.
For example, to use cadvise for a single file, you can simply use the following command:
$ cadvise cc -c hello.c