[cfe-dev] Consumed analysis resets its state in between CFG blocks

Delesley Hutchins delesley at google.com
Mon May 5 15:56:20 PDT 2014


Both thread safety analysis and consumed analysis just use the CFG;
they are not part of the static analyzer, and they maintain their own
notion of "state".  Moreover, the line you're looking at is not
"killing state".  The initial state of a block is determined from the
end state of its immediate predecessors, and the first step when
starting to analyze a new block is to calculate the initial state for
that block.  Blocks are traversed in topological order, so the
previously processed block has no relationship to the one we're just
starting to process.

I don't understand what you mean by "brittle" here.  This algorithm
works for any "layout" in which the CFG captures control flow, which
is, after all, the whole point of the CFG.

  -DeLesley


On Mon, May 5, 2014 at 10:38 AM, Manuel Klimek <klimek at google.com> wrote:
> On Mon, May 5, 2014 at 7:29 PM, Jordan Rose <jordan_rose at apple.com> wrote:
>>
>>
>> On May 5, 2014, at 10:27 , Manuel Klimek <klimek at google.com> wrote:
>>
>> On Mon, May 5, 2014 at 6:49 PM, Jordan Rose <jordan_rose at apple.com> wrote:
>>>
>>> Neither of these are part of the analyzer; they're part of the
>>> analysis-based warnings in Clang. libClangAnalysis is the common base
>>> between the two, which is why we have to be careful about the CFG, but the
>>> full analyzer infrastructure isn't going to be the answer.
>>
>>
>> What would be "full analyzer infrastructure" here? The
>> REGISTER_MAP_WITH_PROGRAMSTATE part?
>>
>>
>> ProgramState at all. The analysis-based warnings track their own state in
>> more lightweight structures, and aren't usually following paths anyway.
>
>
> The consumed analysis seems to have to? Otherwise, how would it figure out
> that something was not consumed in all paths?
>
>>> "A new block may only be started if there is control flow" probably is
>>> not enforced, but I'm not sure why we wouldn't do that. ("control flow"
>>> doesn't have to mean a C/C++ notion of control flow; it can be something
>>> like the static variable DeclStmt that clients of the CFG can use to decide
>>> where execution goes next.)
>>
>>
>> I'm aware control flow doesn't necessarily mean C/C++ control flow.
>> Here are my reasons why we might not want to have that invariant.
>> 1. if I remember correctly I have already seen blocks that don't have
>> terminators that just flow into a single other block (I'll try to fish one
>> out if you're curious); so I was surprised to see other places basically
>> assert in a comment that this is an assumed invariant
>> 2. it seems that sometimes having the CFG be more uniform regarding
>> different related patterns might be nice (although I see that it is a very
>> very weak argument)
>> 3. it might just be too hard to assert the invariant, in which case I'd
>> say it's better to explicitly say it's *not* an invariant than to let checks
>> or cfg-based compiler checks rely on it
>>
>>
>> I guess it's not. After an if-statement, both branches have to transition
>> to the same block, of course. I'm not sure what I was thinking, nor am I
>> sure what the comment was getting at.
>
>
> Well, I thought "incoming" control flow (at the end of an if) is just part
> of control flow.
>
> And I think I caused some confusion, as the invariant proposal I made was
> not actually a citation of the code (but might have looked like I implied
> that).
> The comment is:
> // Note also that we are restricting
> // to looking at return statements in the same CFGBlock,
> // so this will intentionally not catch cases where the
> // return statement contains nested control-flow.
>
> Which seems to imply that invariant, though?
>
> Cheers,
> /Manuel



-- 
DeLesley Hutchins | Software Engineer | delesley at google.com | 505-206-0315
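As an added illustration (not Clang's code), here is a minimal forward dataflow in the style DeLesley describes at the top of this message: each block's initial state is the join of its predecessors' end states, blocks are visited in topological order, and a variable consumed on only one path comes out as unknown at the merge block, which is how a consumed-style analysis answers Manuel's question about "not consumed in all paths". The block names, the `("init", v)` / `("consume", v)` op format and the three lattice values are assumptions made for the example.

```python
# Lattice values for one tracked variable; UNKNOWN means the paths disagree.
UNCONSUMED, CONSUMED, UNKNOWN = "unconsumed", "consumed", "unknown"

def transfer(state, ops):
    """Apply a block's ops (constructed form: ("init", v) or ("consume", v))."""
    state = dict(state)
    for op, var in ops:
        state[var] = UNCONSUMED if op == "init" else CONSUMED
    return state

def join_states(states):
    """Merge predecessor exit states: agreement keeps the value, otherwise UNKNOWN."""
    merged = {}
    for var in set().union(*(s.keys() for s in states)):
        vals = {s.get(var, UNKNOWN) for s in states}
        merged[var] = vals.pop() if len(vals) == 1 else UNKNOWN
    return merged

def topological_order(cfg):
    """Kahn's algorithm: a block is emitted only after all of its predecessors."""
    remaining = {b: set(preds) for b, (preds, _) in cfg.items()}
    order = []
    while remaining:
        ready = sorted(b for b, preds in remaining.items() if not preds)
        if not ready:
            raise ValueError("cycle: a loop needs iteration to a fixpoint")
        for b in ready:
            order.append(b)
            del remaining[b]
        for preds in remaining.values():
            preds.difference_update(ready)
    return order

def analyze(cfg):
    """cfg maps block -> (predecessor names, ops); returns each block's exit state."""
    exit_states = {}
    for block in topological_order(cfg):
        preds, ops = cfg[block]
        # The initial state is derived only from the predecessors' end states,
        # never carried over from whichever block happened to be processed last.
        entry = join_states([exit_states[p] for p in preds])
        exit_states[block] = transfer(entry, ops)
    return exit_states

# Constructed CFG: `x` is consumed in the then-branch but not in the else-branch.
EXAMPLE_CFG = {"entry": ([], [("init", "x")]), "then": (["entry"], [("consume", "x")]),
               "else": (["entry"], []), "join": (["then", "else"], [])}
```

The raise in `topological_order` marks the one case this sketch does not cover: a CFG with back edges needs the analysis to iterate to a fixpoint rather than a single topological pass.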