I've been working over the last months on a coding rule validation add-on
for clang/LLVM, called Crisp:
Coding Rules constrain admissible constructs of a language to help
produce better code (improving reliability, portability,
maintainability, etc.). Some well-known coding rule sets are:
- MISRA-C/C++ (no public access available)
- High Integrity C++ Coding Standard (HICPP): http://www.codingstandard.com/
- CERT's Secure Coding Standards: Secure Development | Software Engineering Institute
Coding rule sets can include style conventions but they typically go
further. Rules range from purely syntactic properties (e.g. "Do not
use the ‘inline’ keyword for member functions") to those that need
deep static analyses to be automated (e.g. "Do not return non-const
handles to class data from const member functions", both examples are

There are some tools that can be used to define and enforce coding
rules on C/C++ code. Some distinctive features of our tool are:
- Rules (i.e., user checks) are going to be defined using a high-level
declarative Domain Specific Language. This language, called CRISP, is
not implemented yet. CRISP is based on first order logic, and rule
definitions are expected to be very concise and easy to read (see
below). The use of CRISP to formally define rules should avoid the
ambiguity and imprecision problems that arise with current standard
rule sets (they use plain English to define rules), and make the tool
highly and easily extensible (which is important, as almost every
project establishes its own set of rules). E.g., part of
http://llvm.org/docs/CodingStandards.html could probably be formalized
and automatically enforced.
- It uses clang as front-end, taking advantage of its rich AST. The
full clang API is available to write new rules. Rules can be checked
during ordinary execution.
- It can integrate information from static analyses to implement
rules. For the time being, the only interfaced analysis is alias analysis
as implemented in LLVM.
- It's free software.