[cfe-dev] [analyzer] Bug post-processing questions

George Karpenkov via cfe-dev cfe-dev at lists.llvm.org
Mon Mar 5 14:30:08 PST 2018 

Hi Réka,

> I was thinking about whether the whole ExplodedGraph needs to be re-built if we want to post-process bugs occured in its realm.

Generally all of post-processing is done in the `BugReporterVisitors.cpp` file,
with general entry point being `trackNullOrUndefValue` function for many checkers.

The bug reporter visitor gets access to the last node in the exploded graph, but can generally very easily retrace the past,
by going up the chain of predecessors.

> After looking at the EGs of some code snippets analyzed using the default solver and then Z3, it seems to me that constraints, but also environment and store contents are changing, so one guess would be a yes.

In general, I think it should be possible to get a good increase in precision just by re-analyzing the existing exploded graph.
From my understanding, many constraints are different because the constraint manager tries to be as efficient as possible,
and destroys all constraints which can not be processed by the current solver.
If a further increase in precision is needed, it should not be very difficult to change that destroying logic to keep those constraints as well.

> But again, completely re-building EGs might not be far in slow-down from analyzing with Z3 from the beginning, depending on what portion of the code is buggy.

Yes, that’s why post-processing is done.

> So one could work with the information already present in the graph (this might need telling the analyzer core not to throw away stuff it does not understand when the false positive refutation option is turned on, if such thing happens?), and re-evaluate those, perhaps around the time we call FindReportInEquivalenceClass().

As mentioned before, it’s better to do those in your own visitor inside BugReporterVisitors.cpp.
Visitors get the `BugReport` object, and can call `BugReport::markInvalid` if invalidation is needed.

Regards,
George
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20180305/ffecbe7d/attachment.html>

More information about the cfe-dev mailing list