Besides the many out-of-the-box checkers that CodeSonar provides for detecting a wide range of coding errors, there are several mechanisms for defining your own checkers.
The most powerful is the CodeSonar Plugin API, which is available in either Scheme or C.
When active, your checkers behave just like any other CodeSonar checker: they execute during CodeSonar's normal analysis phase, detected cases are listed alongside those of the built-in checkers, and they produce warning reports using the same source code annotations. In summary, they become indistinguishable from CodeSonar's own built-in checks.
A custom checker comprises boiler-plate code and user-defined sections. For brevity, below is the user-defined part of a checker that simply counts the return statements in each function and generates a warning if the count exceeds a predefined limit.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include "csonar.h"      /* CodeSonar plugin API header (header name assumed) */
#define MAXRETURNS 1     /* limit is set in the boiler-plate part not shown; 1 assumed here */
static void check_if_return(cs_pdg pdg, void *ctx)
{
    int retCount = 0;
    cs_size_t procSize = 0, nu;
    cs_pdg_vertex firstPdgVertex, pdgVertex, entryVertex;
    cs_pdg_vertex_set pdgVertexSet;              /* type names below are inferred from the API calls used */
    cs_pdg_vertex_set_iter pdgVertexSetIterator;
    cs_pdg_kind pdgKind;
    const char *procType;
    char *procName;
    cs_result r;
    pdgKind = cs_pdg_get_kind(pdg);
    // we only want user-defined procedures to be considered; ignore 3rd-party APIs
    if (pdgKind != cs_pdg_kind_user_defined)
        return;
    // get the human-readable name of the function the analysis is currently sat on:
    // the first call (NULL buffer, size 0) reports the size needed, the second call fills the buffer
    r = cs_pdg_kind_name(pdgKind, &procType);
    r = cs_pdg_friendly_name(pdg, NULL, 0, &procSize);
    procName = malloc(procSize * sizeof(char));
    r = cs_pdg_friendly_name(pdg, procName, procSize, &nu);
    // get the set of vertices (program statements) for the current function and an iterator over it
    r = cs_pdg_vertices(pdg, &pdgVertexSet);
    r = cs_pdg_vertex_set_iter_first(pdgVertexSet, &firstPdgVertex, &pdgVertexSetIterator);
    // walk every vertex in turn, counting each return statement found
    if (cs_pdg_vertex_kind(firstPdgVertex) == cs_vertex_kind_return)
        retCount++;
    while (cs_pdg_vertex_set_iter_next(&pdgVertex, &pdgVertexSetIterator) != CS_OUT_OF_ELEMENTS) {
        if (cs_pdg_vertex_kind(pdgVertex) == cs_vertex_kind_return)
            retCount++;
    }
    // if the return count for this function exceeds the limit, create and issue a warning at its entry vertex
    if (retCount > MAXRETURNS) {
        const char *fmt = "%s contains %d return statement(s)";
        // room for the name, the count (up to 11 characters) and the terminating NUL
        size_t len = strlen(fmt) + strlen(procName) + 12;
        char *buf = malloc(len);
        r = cs_pdg_entry_vertex(pdg, &entryVertex);
        snprintf(buf, len, fmt, procName, retCount);
        // upvar is the warning-class handle registered in the boiler-plate part (not shown)
        csonar_report_warning(entryVertex, upvar, buf, csrf_none, NULL, NULL);
        free(buf);
    }
    free(procName);
}
Having compiled the checker and copied the resulting library to the CodeSonar installation directory, here is how an instance of this warning would be listed among the detected warnings:
And when clicking into the above "Too many Return statements" warning, here is how CodeSonar would present the annotated source code:
Note that which annotations are included, and how, is dictated by how the custom checker is authored; in this case the above was deemed sufficient.