[cfe-dev] Query regarding Clang SA analyzer-config options

Sulekha Kulkarni via cfe-dev cfe-dev at lists.llvm.org
Thu Mar 7 19:47:20 PST 2019


Hi,

I am a fairly new entrant to Clang SA. I wanted to confirm the behavior of
the following two analyzer-config options:

max-times-inline-large : When CSA is analyzing a compilation unit, at most
max-times-inline-large "large" functions will be inlined during the
analysis of the entire CU. In particular, it is not applied per-top-level
function analyzed. Is this correct?
A test I did: Suppose a CU t.c contains a function foo() that has a null
dereference, and several other functions. The command "*clang -cc1 -analyze
-analyzer-checker=core.NullDereference t.c  -analyze-function=foo*" detects
the null deref bug while the command "*clang -cc1 -analyze
-analyzer-checker=core.NullDereference t.c*" does not. When I increased the
max-times-inline-large value, running CSA on the entire t.c did detect the
null deref bug.

max-symbol-complexity=35 : What is the number 35 counting? Is it
(approximately) the number of operators in a symbolic expression?

I'll really appreciate any clarification on these points.

Thanks in advance,
Sulekha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190307/d1c5407e/attachment.html>


More information about the cfe-dev mailing list