Tracking chained usage in huge legacy C codebase with Frama-C

Question

I have huge (65 mln. lines of C code) legacy codebase.

Need to track usage of single cpp numeric const (#define MAX_NUM 32) which is used to define a number of structs (struct a { ... int a[MAX_NUM]; ... };), which in turn used to define fields in other structs, which in turn... at least 4 levels of usage of this kind.

Structs in turn are used to define other consts (like #define SIZE_A sizeof(struct a)) Structs are also used to define function params.

Obviously functions use these structs to access their fields in function implementations. And functions are called with params of these structs types. And so on...

Could I track all this forest of chained usages with Frama-C?

Tried to track these usage chains manually - oh my, 65 mln lines of code... Tried to understand Frame-C usage for static usage analysis - too many docs to understand at a single glance...

Answer 1

Frama-C does not have its own C preprocessor, it uses the system's preprocessor.

This means that the Cil (normalized) code seen by Frama-C is the version after preprocessing. Thus #define macros are not directly seen by Frama-C; the MAX_NUM constant in your example does not exist in Frama-C's AST. If it were an enum, then it would be present.

Concerning the type definitions, however, they are present in Frama-C's AST, and the graphical interface's Information panel does display type information, e.g. if you select an expression the AST, it will show its type, with clickable links to further expand type definitions, recursively. The screenshot below shows an example: a variable has a type ADC_parameters_t, which is a struct containing (among others) a field channel_t, which is in fact just a uint_least8_t, defined in header su_ctrl.h, line 146.

This code of code navigation (plus jumping from function calls to definitions, and back to callers, etc) is easy to do in Frama-C. But there is currently no way to directly navigate from a given macro/constant to all of its uses.

If you don't need Frama-C's semantic analyses, but only a powerful syntactic exploration and navigation tool, maybe SourceTrail (which has unfortunately been discontinued) could help you. It is a syntactic analysis and navigation tool which does know about preprocessing symbols, and can thus show places of definition, as in the example below: