[cfe-dev] [analyzer] Whole Program Analysis - Full Call Graph
Phil Camp via cfe-dev
cfe-dev at lists.llvm.org
Mon Nov 30 09:46:24 PST 2015
Hello cfe-dev,
I am interested in researching possible static analyzer schemes on whole
program states. Initially I would like to build a whole program call
graph. I plan to develop program wide checkers for calls to a
proprietary SDK. To begin with these checkers would rely on simple call
graph/AST based analysis rather than ‘full’ static analysis. These
checkers would include items like simple flow analysis of SDK calls that
should occur in a particular order (e.g. open()/read()/write()/close()).
I would be very grateful if anyone can offer any guidance as to how to
achieve this.
My initial thoughts are to use the current AST call graph feature within
clang. I would create a checker that builds and serialises the call
graph to a file for each source file. I plan to add this serialisation
to the clang CallGraph class along the lines of the current AST
serialisation. The available serialised call graph files would
subsequently be read and merged, creating a full program graph (or
partial program graph if the whole program has not been serialised).
I have a couple of questions regarding development style:
a) Would the clang CallGraph class be the best place for the
serialisation, or would it be better to place it in the checker(s)?
b) For the read and merge process, should this be an external utility or
use the regular clang executable?
Any feedback most welcome. Thank you for your time.
Phil Camp
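
The read-and-merge step described in the message above, sketched as an added example that is not part of the original post and not clang code. `TUGraph`, `ProgramGraph`, `mergeGraphs` and `callersOf` are hypothetical names, and the per-file record layout is an assumption about what a deserialised call graph file could contain.

```cpp
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical per-translation-unit record: what one serialised call graph
// file might hold after being read back (layout is an assumption).
struct TUGraph {
    std::set<std::string> defined;                          // functions with a body in this TU
    std::vector<std::pair<std::string, std::string>> calls; // caller -> callee edges
};

struct ProgramGraph {
    std::map<std::string, std::set<std::string>> edges;
    std::set<std::string> defined;
    std::set<std::string> unresolved; // called, but defined in no TU merged so far
};

// Union the per-TU graphs. Assumption: functions are keyed by a name that is
// unique program-wide (a real tool would need mangled names or similar so that
// file-local functions with the same name do not collide).
ProgramGraph mergeGraphs(const std::vector<TUGraph> &tus) {
    ProgramGraph g;
    for (const auto &tu : tus) {
        g.defined.insert(tu.defined.begin(), tu.defined.end());
        for (const auto &e : tu.calls) g.edges[e.first].insert(e.second);
    }
    for (const auto &kv : g.edges)
        for (const auto &callee : kv.second)
            if (!g.defined.count(callee)) g.unresolved.insert(callee);
    return g;
}

// Functions that can reach `target` (e.g. an SDK entry point) via any call chain.
std::set<std::string> callersOf(const ProgramGraph &g, const std::string &target) {
    std::set<std::string> found;
    for (bool changed = true; changed;) {
        changed = false;
        for (const auto &kv : g.edges)
            for (const auto &callee : kv.second)
                if ((callee == target || found.count(callee)) && found.insert(kv.first).second)
                    changed = true;
    }
    return found;
}
```

With only some files merged, `unresolved` marks where the partial program graph stops, so a checker can tell "no path to the SDK call" apart from "path leaves the analysed code".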