[cfe-dev] [analyzer] Toning down invalidations?

[Gábor Horváth via cfe-dev]

Hi!

What is the status of this?

On Mon, 27 Nov 2017 at 16:24, Artem Dergachev via cfe-dev <
cfe-dev at lists.llvm.org> wrote:

>
> * Invalidating base region when a field is invalidated (as the whole
> base region is reachable through safe pointer arithmetic).
>

I was doing a little experiment and for the projects I tested the number of
results was either the same or increased. Sometimes when the number of
results are increased I also lost some results which could be either due to
different use of the time budget or ruling out more infeasible paths. The
interesting part is, when I turn on refutation, for some projects we can
also refute some bugs that we could not earlier.  See the exact numbers [1]
and exact bugs [2].

After looking at the new results I found only one FP where the root cause
was the less invalidation. But it was an implementation artifact (we should
invalidate the super region of a field region, when the super region is a
union).

So while having more reports could be annoying, if the root cause of FPs
are not likely to be the less invalidation I think it would be worth to
actually do less invalidation and have an annotation for cases where we
actually need more. In my opinion, currently, when the aggressive
invalidation hides some FPs where the root cause is something else, we are
only giving ourselves a false sense of quality.

What do you think? Should we pursue this?

[1]:
https://docs.google.com/spreadsheets/d/1inqGzSAXHfcP-cJ6BuTAv7QYEpADxRcFyIa4v6bda6c/edit?usp=sharing
[2]: http://cc.inf.elte.hu:15013/Default/#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190122/e57953aa/attachment.html>