[cfe-dev] Combining scan-build runs

Andrew Melo via cfe-dev cfe-dev at lists.llvm.org
Mon Nov 30 06:37:17 PST 2015


Hi Ben,

On Monday, November 30, 2015, Craig, Ben <ben.craig at codeaurora.org> wrote:

> One of the reasons the clang static analyzer doesn't support cross TU
> analysis is because of scaling issues.  The core static analysis algorithm
> is super-exponential.  There are some caps put into place so that execution
> eventually finishes.
>

Gotcha. I assumed there was a scaling issue, but I'm surprised to see it's
super exponential. I'd naively guess a tree with N nodes and M edges would
be analyzed in some sort of polynomial time. Looks like I've got some
reading to do!


>
>
> There have been recent discussions regarding cross-function and cross-TU
> analysis here:
>
> http://clang-developers.42468.n3.nabble.com/analyzer-Summary-IPA-thoughts-td4048239.html
>
>
Ah, a good place to start :)

Thanks again!
Andrew


> On 11/29/2015 10:27 AM, Andrew Melo wrote:
>
> Hi Ben,
>
> Thanks for the mail,
>
> On Mon, Nov 23, 2015 at 12:00 PM, Craig, Ben via cfe-dev <cfe-dev at lists.llvm.org> wrote:
>
>> I'm not sure that I fully understand your question.  Here are some
>> attempts by me to answer some of the questions I think you are asking.
>>
>> How do I make one combined index.html for the bug reports in my two
>> distinct projects?
>>
>> Have you tried to use -o <output location>, and have both projects point
>> to the same location?  I don't know for sure if this will work or not, but
>> it's worth a shot.
>>
>>
>> How do I do cross-project analysis?  For example, how do I find null
>> dereference bugs when projectA invokes a function in projectB incorrectly?
>>
>> The clang static analyzer doesn't support this right now.  It doesn't
>> even really support finding bugs when crossing translation units.  It can
>> find cross-function issues when all the functions are in the same
>> translation unit.
>>
> I was looking for the latter. I didn't realize the static analysis was
> limited to a single translation unit, which is why my question probably
> didn't make a lot of sense. I guess the limitation is that the control-flow
> graph can grow to be unboundedly large as you combine translation units
> together?
>
> Thanks for the help,
> Andrew
>
>
>
>> On 11/23/2015 11:15 AM, Andrew Melo via cfe-dev wrote:
>>
>> Hello all,
>>
>> I've been using clang's static analyzer to clean up some code and find
>> some particularly tricky bugs that have been haunting me for a while.
>> It's working great!
>>
>> Our project is broken into multiple independent subprojects (each with
>> their own makefile, etc..), so when I run scan-build on each
>> subproject in sequence, a lot of the context gets lost when control
>> goes from projectA to projectB and back again. Is there a way to have
>> scan-build combine the ASTs from the different projects together to
>> give it the global view? We currently have:
>>
>> projectA$ scan-build make
>> projectB$ scan-build make
>>
>> Is there some way to have scan-build do something the equivalent of:
>>
>> $ scan-build --combine projectA/scan-output projectB/scan-output
>>
>> Thanks!
>> Andrew
>>
>>
>> --
>> Employee of Qualcomm Innovation Center, Inc.
>> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
>>
>>
>
>
> --
> --
> Andrew Melo
>
>
> --
> Employee of Qualcomm Innovation Center, Inc.
> Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project
>
>

-- 
It's dark in this basement.
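
For the first question quoted above (one combined view of the bug reports from two separate scan-build runs), the following is an added example, not code from this thread or from the clang project. It assumes each run used scan-build's `-plist` output and merges the resulting diagnostics, dropping a finding reported by both runs (for instance in a shared header); the function names and sample reports are constructed for illustration, and merging reports does not give the analyzer any cross-translation-unit view.

```python
import plistlib
from collections import Counter

def load_findings(plist_bytes, project):
    """Return one record per diagnostic in a clang analyzer plist report."""
    report = plistlib.loads(plist_bytes)
    files = report.get("files", [])
    findings = []
    for diag in report.get("diagnostics", []):
        loc = diag["location"]
        findings.append({
            "project": project,
            "file": files[loc["file"]],  # 'file' is an index into 'files'
            "line": loc["line"],
            "check": diag.get("check_name", diag.get("type", "unknown")),
            "description": diag["description"],
        })
    return findings

def combine(reports):
    """Merge (project, plist_bytes) pairs; keep the first copy of a duplicate."""
    seen, merged = set(), []
    for project, data in reports:
        for f in load_findings(data, project):
            key = (f["file"], f["line"], f["check"], f["description"])
            if key not in seen:
                seen.add(key)
                merged.append(f)
    return sorted(merged, key=lambda f: (f["file"], f["line"]))

def _sample(files, diags):
    # Constructed sample input in the shape of an analyzer plist report.
    return plistlib.dumps({"files": files, "diagnostics": [
        {"description": d, "check_name": c, "location": {"line": l, "col": 1, "file": i}}
        for d, c, l, i in diags]})

SAMPLE_A = _sample(["/src/common/buf.h", "/src/projectA/a.c"], [
    ("Dereference of null pointer", "core.NullDereference", 12, 0),
    ("Value stored to 'n' is never read", "deadcode.DeadStores", 40, 1)])
SAMPLE_B = _sample(["/src/projectB/b.c", "/src/common/buf.h"], [
    ("Dereference of null pointer", "core.NullDereference", 12, 1),
    ("Potential leak of memory pointed to by 'p'", "unix.Malloc", 7, 0)])

if __name__ == "__main__":
    merged = combine([("projectA", SAMPLE_A), ("projectB", SAMPLE_B)])
    for f in merged:
        print(f"{f['file']}:{f['line']}: {f['description']} [{f['check']}] ({f['project']})")
    print(Counter(f["check"] for f in merged))
```

For real runs, read each `.plist` file from the two output directories in binary mode and pass its bytes to `combine` in place of the constructed samples.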