static syntax analysis refers to debugging that can be done via inspection of the code for a program, without actually running the program.
See Also
- static analyzers
- another list by Cameron Laird
- debugging
- Brace-level pretty printer
- Statically verifying arithmetic and regular expressions
- AM 2007-08-18: an idea to check such various Tcl "sublanguages" as the arithmetic and regular expressions
- Source Code Comprehension Tools
- an older list
- Comparison of Static Tcl Code Validity Testers
- an comparison done circa 1997 by the developer of TclTutor.
Description
Static syntax analysis is the process of looking at a text file and attempting to identify errors, warnings, etc. from the text without executing the code. This is tricky to do in-depth because in an interpretive environment, programmers often make use of dynamic techniques for code generation, etc. These dynamic code fragments typically won't be evaluated during a static syntax sweep. Another short-coming, at least as far as procheck and frink go, is that they operate only on the source code specified on the command line. This means that calls to autoloaded or sourced commands are treated as unknowns, unless the file in which they are defined was specified before the invocation.
A C programmer will be familar with a program called lint; this program provides static syntax analysis for C.
Analysing C
- CBrowser
- open-source GUI frontent to source-code searching tools. Primarily designed to work with cscope, but also works with cs.
- logiscope c rulechecker
- a proprietary product that allows users to define and verify coding rules in Tcl
- Euclide
- is a new Constraint-Based Testing tool for verifying safety-critical C programs. By using a mixture of symbolic and numerical analyses (namely static single assignment form, constraint propagation, integer linear relaxation and search-based test data generation), it addresses three distinct applications in a single framework: structural test data generation, counter-example generation and partial program proving.
Euclide is written in Prolog with a Tcl interface and a Tk GUI.
Analyzing Tcl
- frink
- source code formatter with syntax and style checking
- Nagelfar
- reads one or more Tcl scripts and checks them for correctness, conflicts and even a little style.
- _scriptFormat
- reads one Tcl script and fixes indentation. Simplistic and open source.
- XotclIDE
- includes a syntax checker for Tcl and XOTcl code
- TDK
- has a program called tclchecker that does static syntax
- procheck
- a component of TclPro
- Sugar
- a macro system that can be used as a programmable SSA tool.
- SoftGuard
- appears to do at least some sorts of SSA [Does SoftGuard deserve its own page in the Wiki? I think so. Anyone familar with it? The web page mentions sgxCP profiling, sgxCT tracing, sgxDbg procedure debugging, sgxRSM resource standard metrics, and sgxTVC variable consistency testing]
- Source Navigator
- code-analysis and comprehention tool that provides a graphic framework for understanding and re-engineering large or complex software projects
- bracecheck , by Andreas Leitgeb
- a "mostly heuristic script ... which compares bracing with indentation ..."
- tclCheck, by Lindsay Marshall
- A very simple C program that carries out a sanity check for brackets and their nesting.
- ttclcheck
- advanced syntax checker for Tcl, TclOO, XOTcl, ITcl code with html generation.
- tcl-golems
- Count lines, find mismatched braces/quotes.
- tclparse
- A static analysis tool for Tcl 7.6 and Tk 4.2 programs.
- tcl_cruncher (download )
- transforms nice Tcl 7.x/TclX/Itcl sources into an ugly but faster standard output: it removes all unneeded white spaces, ; , all comments, etc... the result is unreadable, but can be twice as fast & as small than original. It can also be used to check syntax of your programs.
- tclscan
- Rust program that scans tcl for command injection.
- ECG
- is a TCL static source code analysis tool. It is a commercial solution able to detect real and complex security vulnerabilities in TCL/ADP source-code.