JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
CodeSonar plug-ins allow users to attach additional functionality to the CodeSonar build/analysis.
The API provides an interface to the nodes and edges of the program's dependence graph, the program's variables and their types, the program's abstract syntax tree, and the correspondence between these abstract elements and the source text.
API interfaces are provided for the C++, Python, and C programming languages.
There is currently beta-level support for a further set of API interfaces in C# and Java. For information, see the notes on API implementations.
CodeSonar SaaS Note: If you want to use your own custom plug-ins with CodeSonar SaaS, contact CodeSecure support for assistance. The installation instructions provided in this page are not sufficient to make plug-ins available to SaaS analyses.
CodeSonar plug-ins are based on visitors, which specify actions to be carried out on elements of the CodeSonar internal representation (IR) at various stages of the CodeSonar build/analysis.
The actions carried out by visitors will generally fall into one of two categories:
| warning management | Define new warning classes, issue warnings of any class, obtain information about warning classes, retract warnings. Warning classes defined and reported in plug-ins can access deeper analysis than is available through the CodeSonar extension framework. |
|---|---|
| metric management | Define new metric classes, report metric values, obtain information about metric classes and values, retract metric values. |
You can write plug-ins in C++, Python, or C.
The following table provides a quick comparison of the available API languages.
| Language | Support | Notes |
|---|---|---|
| C++ | full | More succinct than the C API, but performance should be almost as good. Follows STL conventions (e.g., naming). Raises exceptions to indicate problems. |
| Python | full |
Best API for rapid prototyping. Supports a REPL. Implements
many pythonic features. Strongly dynamically typed. Raises
exceptions to indicate problems.
Python is not a particularly performant language. Python has a full featured standard library and an active development community. |
| C | full |
Necessarily verbose, and therefore difficult to use properly:
if you are familiar with one of the other supported API
languages, it will probably be more straightforward to use that
API rather than the C one.
All other APIs are implemented on top of the C API. |
| C# | beta | This is essentially parallel to the Java API. |
| Java | beta |
Can be more verbose than the C++ API, but still less verbose
than the C API. Safer than the C++ API. Raises exceptions to
indicate problems.
Java is typically more performant than Python, but less performant than C++. Java has a full featured standard library and an active development community. |
General Information:
| Visitors | Plug-ins are based on visitors, which specify actions to be carried out on elements of the CodeSonar internal representation (IR) at various stages of the analysis. |
|---|---|
| Writing Plug-Ins | General information about creating plug-ins to attach custom functionality to the CodeSonar analysis. |
| Plug-In Tutorial | Two annotated example plug-ins (each provided in all API languages), with building and installation instructions. |
| AST API Tutorial | The AST API tutorial (provided in all API languages) also uses plug-ins. |
Specific API Language:
| Plug-In Guidelines | Key API References | |
|---|---|---|
| C++ | Writing C++ Plug-Ins | classes analysis, visitor, warningclass, project_metricclass, compunit_metricclass, sfile_metricclass, procedure_metricclass. |
| Python | Writing Python Plug-Ins | Visitor decorators, Metric decorators; classes analysis, warningclass, project_metricclass, compunit_metricclass, sfile_metricclass, procedure_metricclass. |
| C | Writing C Plug-Ins | CodeSonar Plug-In API: C Functions and Types for Visitors, Warnings, and Metrics |
As much as possible, the API documentation separates the abstract behavior of each API module from the concrete behavior of individual functions and types. Likewise, the types and functions/methods for each API language are documented separately.
Therefore, each piece of API functionality has multiple corresponding pieces of documentation, depending on applicability:
These sections are interlinked for direct navigation between implementation documentation and abstract descriptions.
The API components are described in the following sections:
| Section | Summary | Language Modules Supported |
|---|---|---|
| Plug-Ins | Warnings, metrics, and visitors. | C/C++, C#, Java |
| SDG Operations | The project: a collection of PDGs. | C/C++, C#, Java |
| Procedure (PDG) | The dependence-graph representation of a function. | C/C++, C#, Java |
| Point
(PDG_VERTEX), Point Set (PDG_VERTEX_SET) |
A program point, a set of program points. | C/C++ |
| Name Cross Referencing | Name cross-referencing. | C/C++, C#, Java |
| Metrics | Defining, computing, and reporting software metrics. | C/C++, C#, Java |
| AST | Abstract syntax tree representation of source text. | C/C++ |
| Symbol
(ABS_LOC), Symbol Set (ABS_LOC_SET) |
The representation of a program symbol (variable or function), a set of symbols. | C/C++ |
| CFG Edge Set | A set of control flow edges. | C/C++ |
| Integer Pair Set | A set of integer pairs representing substrings in the compilation unit that are associated with program points. | C/C++, C#, Java |
| Source File | Coordinate systems for source-file instances and the text they contain. | C/C++, C#, Java |
| Directory | Operations on directories. | C/C++, C#, Java |
To report problems with this documentation, please visit https://support.codesecure.com/.