[cfe-dev] Writing simple checkers for the static analyzer

Rafael Auler rafaelauler at gmail.com
Sat May 24 22:01:49 PDT 2014


Hello,

I am trying to write a very simple checker for the clang static analyzer
for the sake of writing a first exercise on this topic. Its goal is to
simply alert whether a specific function has been called twice in a given
path. Let's assume the name of this specific function that I am tracking is
"doNotCallTwice()".

In order to record state information, I use the
REGISTER_TRAIT_WITH_PROGRAMSTATE macro to register an unsigned together
with the program state. This integer indicates whether the function
"doNotCallTwice()" has been called in a path and, if it is equal to 1 in a
node where I detect yet another call, I prepare to report a "double call"
bug. I use "checkPostCall" for changing the state.

However, something strange happens. My extra integer registered in the
program state is not sufficient to differentiate two ProgramStates with the
same ProgramPoint: the engine fold the two nodes anyway, ignoring my new
state information. On the other hand, the information *is* propagated. If I
use other ways to avoid the nodes being folded, the checker works fine.

An example where it does not work:

void myfunc (int x, int y) {
  if (x)
    doNotCallTwice();
  if (y)
    doNotCallTwice();
  doNotCallTwice();
}

Since programstates get folded in the ExplodedGraph, I never detect any
path where two calls to doNotCallTwice() happen. However, change the code
in the following way avoids the folding and make my checker work:

void myfunc (int x, int y) {
  if (x)
    doNotCallTwice();
  if (y)
    doNotCallTwice();
  y = x;  // Now x and y are not dead anymore and this won't be folded
  doNotCallTwice();
}

I based my checker on SimpleStreamChecker.cpp. Am I doing something
conceptually wrong?

Best regards,
Rafael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140525/670b747e/attachment.html>


More information about the cfe-dev mailing list