[cfe-dev] Static analysis tool development

Ted Kremenek kremenek at apple.com
Mon Jan 19 17:45:08 PST 2009


On Jan 17, 2009, at 8:58 AM, Nikita Zhuk wrote:

>>> If/when the clang static analyzer allows easy extensibility as Ted
>>> described in option [3], it would be very interesting to see if the
>>> clang user community could come up with some collaborative way of
>>> sharing various custom checks as pluggable & configurable components.
>>> A wiki, perhaps? I think that sharing programming experience and
>>> knowledge as clang analyzer checks for common programming errors and
>>> best practices would be useful for the open source community.
>>
>> What would be wrong with just integrating them into the source and
>> having them individually enableable?
>
> There's nothing wrong with integrating additional checks into clang,
> of course. However, as a Mac developer and clang user I would like to
> be able to download and install additional checks simply by dropping
> the downloaded binary into some directory, without recompiling clang
> each time I'd like to try a new check which some other developer has
> written. I also suspect that some checks could exist which aren't
> completely in line with clang's goals, e.g. which generate too many
> false positives for an average project, but which would be beneficial in
> projects of a specific type. For example, I have written some specific
> coding convention checks which have way too high a level of false
> positives to be included in the official clang, but which are
> useful for developers who follow the same conventions.

I agree with Nikita.  Theoretically one could write a set of checks  
for every API that is out there.  Not everyone cares about all checks,  
and since many important APIs are private (or just not relevant  
outside the scope of a given piece of software) it makes sense to  
provide an extensible system where people can define their own checks  
without worrying about directly incorporating them into the analyzer  
binary.  Further, a plug-in model enforces modularity in the static  
analyzer's logic that I think is very beneficial to its overall  
quality of implementation, extensibility and reusability.


