1ncc 2.7
2 - see doc/CHANGES for the new stuff
3
4
5WHATIS
6======
7
8
9Basically, ncc is a tool for hackers designed to provide program analysis
10data of C source code. That is program flow and usage of variables.
11Some big programs out there are by default obfuscated, either due to extreme
12size, programming style, hacks upon hacks and other crazyness. In order to
13do program analysis correctly, there has to be compilation of expressions,
14and thus ncc is really a compiler (supporting zero architectures).
15
16At the same time, ncc is small and easy to understand so you can hack it and
17add custom features and extensions at any stage of the compilation, to match
18what you expect and consider useful as output. Most common GNU extensions
19are supported and there has been an effort be practically useful in the GNU
20system (which is not easy because the GNU system is very gcc-friendly).
21The goal is to be able to replace 'ncc' in Makefiles and work with the big
22open source projects.
23
24In the latest versions of ncc, some advanced analysis features have been
25implemented and they are about pointer-to-function variables and the values
26assigned to them. The sample files doc/fptrs.c and doc/farg.c can be
27analysed with ncc to demonstrate what can be done there.
28
29In version 2.0 ncc can emulate the linker behavior to join ncc output files
30and can also act as a wrapper for some binutils programs that are used
31for linking.
32
33
34INSTALL
35=======
36
37Either 'make install' as root, or:
38
391. 'make' and the file ncc should appear in objdir/
40
412. Copy the file doc/nognu to /usr/include.
42
43This file is used to fix some madness of libc header files and remove some
44GNU extensions which violate the C grammar and can be removed without
45problems. If you don't want to copy it to /usr/include, edit config.h and
46recompile.
47
483. With make the file 'nccnav' should also appear in nccnav.
49 Copy this file to /usr/bin and make a symbolic link nccnavi -> nccnav if
50 you want auto-indent
51
52
53
54 Invoking ncc
55 ------------
56
57USAGE
58=====
59
60The simple way to use ncc on a C program hello.c, is with the
61command : ncc hello.c
62
63The default output (at stdout) is that for every function defined in hello.c
64the following things are reported :
65
66 - function calls
67 - pointer to function assigned values
68 - use of global variables
69 - use of members of structures
70
71The latter has been proved very useful in understanding what
72a function actually does.
73
74The options of ncc start with "-nc".
75
76with "-ncmv" each use of global variable, function or member of structure is
77 reported multiple times as used. This is a way to understand better how the
78 code works, by looking the use of variables between function calls.
79 -nccnav can't display that-
80
81with "-nchelp" help is displayed on the -nc options.
82
83with "-ncoo" the output goes to a file sourcefile.c.nccout
84
85with "-ncld" the output goes to a file sourcefile.o.nccout
86 or to the file specified with the command line option "-c"
87 and the extension nccout. Moreover in this mode ncc does
88 linker emulation. Described below.
89
90with "-ncspp" the preprocessed file is kept in sourcefile.i
91
92with "-ncfabs" absolute pathnames are reported.
93
94with "-ncnoerror" if there are syntax errors in expressions ncc
95 will link the function with a special "NCC:syntax_error()" function
96 instead of terminating the compilation.
97
98
99STUDYING THE OUTPUT & PROGRAM ANALYSIS
100========================================
101
102ncc is a very useful tool in exploring programs but equally useful is the
103included program `nccnav'. The output of ncc is such that can be easilly
104loaded by some other graphical viewer. nccnav can do this and has some nice
105features like the recursion detector.
106
107So once you learn HOW to run ncc on programs, make sure to read
108nccnav/README.
109
110The output can also be viewed using the graphviz program. See the section
111GRAPHVIZ below.
112
113
114GCC-PREPROCESSING
115=================
116
117ncc uses gcc for preprocessing because the standard library headers
118eventually need some other architecture specific header which are somewhere
119where gcc knows where. Any options starting with -D and -I will be passed
120to gcc for preprocessing. Generally, because ncc should be able to work
121from makefiles instead of gcc, all options unless starting with '-nc'
122produce no error (and may be even passed to gcc in a special mode).
123
124The files compiled with ncc, will have the __GCC__ macro defined, because many
125programs are written for gcc and take some gcc extensions for granted.
126ncc additionally defines __NCC__ macro.
127
128
129
130(example) HACKING mpg123
131========================
132
133This one is easy (because it's done "the right way", programs are
134exponential: the number of tasks a program can do is N^2 if N are the lines
135of code. Thus any program of more than 50000 lines has probably design flaws
136(unless it's device drivers))
137
138Anyway, to view the calls of mpg123, the command is:
139
140 for a in *.c; do ncc $a -ncoo; done
141 cat *.nccout > Code.map
142 nccnav
143
144or alternativelly:
145
146 ncc *.c > Code.map
147
148
149HACKING BIGGER PROGRAMS
150=======================
151
152The obvious way is to use make with ncc, so that the required -D and -I
153options are invoked, and only the right files are compiled (if there
154are depenencies). Normally, changing "CC=gcc" to "CC=ncc -ncoo" would be
155enough. But alas! some times it isn't.
156
157Sometimes the make procedure expects object files which ncc does not produce
158and it may fail. This can be prevented with 'make -i' where make ignores
159errors.
160
161Some other programs compile and run helpers during make. If all else
162fails, the last resort that always works, is using the "-ncgcc" option.
163
164with "-ncgcc", ncc will also run gcc in parallel with all it's options except
165the -nc ones. So nobody will understand that ncc was even run and the
166makefiles will be happy. It takes 1000% more time, but computers do get
167faster every day. In this case, it is generally a good idea to remove any
168'-O2 -g' options.
169
170Make sure you read doc/TROUBLES if you're going to use ncc in big GNU
171projects (and not only).
172
173hacking.LINUX-KERNEL, hacking.GCC, hacking.GLIBC, and other files in doc/
174have specific instructions on using ncc on some *really big* programs which
175may need a couple of tricks to get it done.
176
177
178LINKER EMULATION
179================
180
181The best job is done by using ncc in the makefile in parallel with the
182normal compilation. For serious work, use
183
184 CC=ncc -ncgcc -ncld -ncspp -ncfabs
185
186The option "-ncld" instructs ncc to attempt to link ncc output files
187as gcc would create object files. For example, the command
188
189 ncc -ncld -ncgcc -c file1.c
190
191will generate the files "file1.o" and "file1.o.nccout"
192The command
193
194 ncc -ncld -ncgcc file2.c file1.o -o myprog
195
196will generate the files "myprog" and "myprog.nccout", where the second
197file will be the analysis of file2.c plus the file file1.o.nccout.
198
199Moreover, ncc can be called as "nccar", "nccld", "nccg++" and "nccc++".
200In this case, the corresponding program will be called normally
201with all the options passed and then ncc will attempt to locate
202object files with the extension 'nccout' and link them in a bigger
203nccout file. So it's even better to say
204
205 AR = nccar
206 LD = nccld
207 CXX = nccg++
208
209The advantage of this method is that we don't have to collect the
210nccout files afterwards. Usually all the right files will have been
211concatenated into one big nccout file at the end of compilation.
212
213This method works best when gcc is used to link the object files, and
214also works pretty well with ar and ld. However, there are projects
215out there that use crazy Makefiles and libtool, that need special
216hacks to achieve this.
217
218 Output Details
219 --------------
220
221POINTERS TO FUNCTIONS
222=====================
223
224ncc does not only report which pointer to function variables are called, but
225also which values are assigned to them. Pointers to functions are reported
226as pseudo-functions which call *all* the values assigned to them.
227
228So the caller -> callee relation is different. While the code of a normal
229function calls all its callees, a pointer to function will call any one of
230its callees.
231
232
233RELEVANT NOTES
234==============
235
236- Anonymous typedef'd structures are automatically named after the typedef.
237For example:
238 typedef struct {
239 int x, y;
240 } Point;
241 int main ()
242 {
243 Point P;
244 P.x = 3;
245 }
246 ncc will report that 'main' uses member 'x' of structure 'Point', although
247the structure is really anonymous. Conflicts *should* be extremely rare.
248
249
250TROUBLESHOOTING
251===============
252
253Thanks to open source, there are infinitive test cases.
254ncc has been tested with:
255
256 linux kernel 2.2 (partial according to depend),
257 Imagemagick, gcc, Doom (you gotta see this source!),
258 xanim, mpg123, bladeenc, bzip2, gtk, gnu-fileutils,
259 less, mpeg_play, nasm, ncftp, vim, sox, bind, gdb, flames,
260 xrick (Rick Dangerous!), inform (Text adventure language),
261 linux kernel 2.4.20, zsh, zile, emacs, gnuchess, bash,
262 python, elinks, linux kernel 2.6.9, pygame, jamvm, perl5,
263 linux 2.17, gcc 4.2, x.org 7.1, git, qemu, ffmpeg, libjpeg,
264 openssh
265
266although these programs are correct and ncc lacks testing on finding errors
267on programs with syntax errors.
268
269In the case ncc complains about syntax errors or segfaults, check out
270the file TROUBLES for the way to hunt down the bug. Sometimes just
271adding something to nognu macros is enough to continue the compilations.
272
273
274 Viewers
275 -------
276
277CODEVIZ
278=======
279
280CodeViz is a collection of C/C++ analysis tools by Mel Gorman.
281See http://freshmeat.net/projects/codeviz
282
283The CodeViz perl scripts recognize the .nccout format of ncc.
284If you have concatenated all the .nccout files of a projects to say
285'everything.nccout'
286
287You can do:
288 genfull -g cncc -f everything.nccout
289to generate the full.graph file. Then:
290 gengraph -f some_function -d depth
291to generate a nice postscript graph of the call tree.
292
293
294GRAPHVIZ
295========
296
297Jose Vasconcellos has sent a python script which converts ncc output
298to dot data. The dot command is part of the Graphviz package and it's
299used by codeviz to generate the graph. More about graphviz at:
300
301 http://www.graphviz.org
302
303The script scripts/gengraph.py can be called like this:
304
305 gengraph.py code.map main | dot -Tsvg -o graph.svg
306
307to generate a nice SVG graph of the callgraph.
308The zgrviewer at http://zvtm.sourceforge.net/zgrviewer.html
309is great for viewing large graphs. Still, it's a good idea
310to specify depth because some graphs are **really** big:)
311
312
313
314THEREST
315=======
316
317Program written & Copyright (C) Stelios Xanthakis 2002, 2003, 2004, 2005, 2006, 2007
318Distributed under the terms of the Artistic License.
319e-mail: sxanth@ceid.upatras.gr
320ncc latest download: http://students.ceid.upatras.gr/~sxanth/ncc/
321
322Many contributions and feedback from Scott McKellar <jm407a@sbc.com>
323 who now is the other person who knows `how ncc works'.
324Additional hacks for kernel 2.6 by Ben Lau <benlau@linux.org.hk>
325gengraph.py is Copyright (C) 2004 Jose Vasconcellos and GPL.
326
327Also thanks to:
328 Sylvain Beucler, Anuradha Weeraman, Florian Larysch,
329 Deepak Ravi, Thomas Petazzoni, Adam Shostack,
330 Hakon Lovdal, Awesome Walrus
331
