[cfe-dev] Static analysis tool development

Nikita Zhuk nikita at zhuk.fi
Sat Jan 17 07:05:57 PST 2009


On 17.1.2009, at 1.42, Ted Kremenek wrote:

> [3] The analyzer can be extended with new sets of "checks" by not  
> invasively modifying the analyzer internals.  Such extensibility can  
> be provided with different layers of abstraction from the core  
> analyzer API, with very high-level checks possibly being written in  
> a very high-level manner (e.g., declarative) while some checks  
> requiring more direct access to the core analyzer APIs.  Both ends  
> of the spectrum are important because some checks will require  
> sophisticated algorithms with deep reasoning about the program while  
> others might be much simpler and just clue off of common interfaces  
> and APIs.

I thought I could comment on that a little. As Ted said, it's possible
to extend the analyzer with new sets of checks without large
modifications. At our company we have combined this possibility with
manual code reviews - when a bug is found during a code review, we try
to implement a static analyzer check which would a) automatically
check the rest of the code for the same problem and b) prevent this
problem in the future. I have been able to implement some basic checks
without extensive compiler or C++ background fairly easily into clang  
itself by using the AnalysisManager API. The results have been very  
positive.

If/when clang static analyzer will allow easy extensibility as Ted  
described in option [3], it would be very interesting to see if clang  
user community could come up with some collaborative way of sharing  
various custom checks as pluggable & configurable components. A wiki,  
perhaps? I think that sharing programming experience and knowledge as  
clang analyzer checks for common programming errors and best practices  
would be useful for open source community.




