Application Security Testing: An Integral Part of DevOps
Any successful commercial code spawns vertical applications that need bits and pieces of its API. Whether you call them hooks, functions, entry points, subroutines, or what-have-you, the need to document them well arises simultaneously. Doxygen fits this scenario to a T. In fact, if you've ever used the popular Qt GUI or any project created with Qt, you've probably browsed a Doxygen-generated HTML page.
As soon as any small project has more than three or four programmers working on it, the need for some explanation about how the functions work arises. Whether you are working in C or C#, the same old bugaboo rears its ugly head: How do you keep the documentation of function parameters accurate and consistent with the actual use cases? With Doxygen, you extract the documentation directly from the sources, which makes it much easier to keep the documentation consistent with the source code.
A perhaps worse scenario is your company purchasing some code from a third-party vendor with scanty or no documentation. How do you get your head around this thing when there's no place to start? For this and many other scenarios, Doxygen should be part of your toolset.
Doxygen is the brainchild of Dimitri van Heesch, who made it available under the GNU General Public License. He has shepherded the project for the past decade, producing one of the world's most widely used documentation packagers.
Doxygen Speaks Your Language
As you may have guessed, Doxygen can get started with little or no source-code preparation. Of course, the more prep you add, the better the outcome. But, you can still do a first pass on nearly any C, C++, Java, Objective-C, IDL (CORBA or Microsoft), C#, or PHP project and get great results.
Most developers use Doxygen to produce HTML-based docs for public or private consumption. As you know, HTML isn't the most convenient (or professional, for that matter) output stream for everyone. Fortunately, Doxygen supports output in Rich Text Format (RTF) PostScript, hyperlinked PDF, Latex, compressed HTML, XML, and even crusty old Unix man pages (see Figure 1).
Figure 1. Diagram of How Doxygen Works
Generating Your First Docs
Start off by downloading some binaries built for your platform of choice; Win32, Linux, MacOS X, and Solaris 9 are readily available. If you use another platform besides those, you need to grab the source for a native recompile. At this point, you are ready to go.
The main tool you will use (daily) is doxygen.exe. However, you can get a running start by using the Doxywizard to create your initial configuration file. The configuration file drives everything that you do with Doxygen; it is the blueprint for what you want done. Doxytag, a tool that allows you to integrate (point at) other HTML docs outside the domain of your own project (for example, third-party libraries), won't be covered in this article, but it may be worth exploring.
Because you probably don't care to write a configuration file from scratch, you can ask Doxygen to spit out a template by entering the following on the command-line:
Doxygen -g template.cfg
Doxygen will produce a starting template for you. Again, if you prefer not to edit this file, you can use Doxywizard to create it based on your answers to a short questionnaire.
Now, open the template.cfg file and make it point to the location of your current project:
Part of the magic of Doxygen is that it has parsers built in for each of the target languages. It will base its knowledge of file type on the extension of each file in the directory (.CPP for C++ and so forth). By default, it wants to rip through all the files in the base directory and discover what it can. You can tame it by specifying specific regular expressions of filenames (FILE_PATTERNS) to add or remove (EXCLUDE_PATTERNS).
You also can direct it to write to specific places by adjusting the OUTPUT_DIRECTORY, for example:
You can apply two basic levels of scope to the Doxygen run:
- EXTRACT_ALL=YES: Creates documentation on everything, commented or not
- EXTRACT_ALL=NO: Creates documentation only on explicitly commented items