[cfe-dev] [analyzer] How to analyzer the code after an indefinite loop?

Denis Petrov via cfe-dev cfe-dev at lists.llvm.org
Thu Jul 30 04:17:59 PDT 2020


Thanks, Artem!


>You can find all your answers on the exploded graph dump.

Ok, I see. In this particular example the analyzer splits the exploded graph on every iteration, and the code below is reached in the case of the false branch. But what I am really interested in is reaching the code in the true branch.

The problem is that the core generates a sink node after it reaches the limit of loop iterations.

My better example:

void f1()
{
  int i = 0;
  while(i < 100)
    i++;
  // Interested in some code here!!
}

One more example:

void f2()
{
  int i = 0;
  while(true)
    i++;
  // Interested in some code here!!
}

As I understand, there is no way to do this, right?


________________________________
Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine

________________________________
From: Artem Dergachev <noqnoqneo at gmail.com>
Sent: July 28, 2020 22:34
To: Denis Petrov; cfe-dev
Subject: Re: [cfe-dev] [analyzer] How to analyzer the code after an indefinite loop?

Here's how you can find this out with the help of ExprInspection:


$ cat test.c

int f(int x, int flag)
{
  int i = 0;
  while(i < x)
    i++;

  clang_analyzer_warnIfReached();
}


$ clang --analyze -Xclang -analyzer-checker=debug.ExprInspection test.c

test.c:7:3: warning: REACHABLE [debug.ExprInspection]
  clang_analyzer_warnIfReached();
  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.


Here's a slightly more interesting experiment:


$ cat test.c

int f(int x, int flag)
{
  int i = 0;
  while(i < x)
    i++;

  if (flag) {
    clang_analyzer_warnIfReached();
    clang_analyzer_numTimesReached();
    return i;
  } else {
    clang_analyzer_warnIfReached();
    clang_analyzer_numTimesReached();
    return 0;
  }
}


$ clang --analyze -Xclang -analyzer-checker=debug.ExprInspection test.c

test.c:8:5: warning: REACHABLE [debug.ExprInspection]
    clang_analyzer_warnIfReached();
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:9:5: warning: 4 [debug.ExprInspection]
    clang_analyzer_numTimesReached();
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:12:5: warning: REACHABLE [debug.ExprInspection]
    clang_analyzer_warnIfReached();
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:13:5: warning: 1 [debug.ExprInspection]
    clang_analyzer_numTimesReached();
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.


Will you be able to figure out why one branch is reached 4 times while the other branch is reached only once? You can find all your answers on the exploded graph dump.


On 7/28/20 5:59 AM, Denis Petrov via cfe-dev wrote:

Hi, community!


A quick question.


Is CSA Core able to analyze the code after some indefinite loop?

E.g.

void f(int x)
{
  int i = 0;
  while(i < x)
    i++;
  // Interested in some code here!!
}


I found that the exploded graph grows going through the loop 4 times and then stops analyzing the code further.

P.S. I know about -analyzer-max-loop(4).

________________________________
Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine
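
Added example, not part of the thread and not Clang code: a toy C model of the behaviour discussed above, where a path is cut off (a sink) once it would need more visits to the loop condition than the loop limit allows. The names explore_loop, cond_kind and MAX_LOOP are hypothetical, and the model assumes the limit of 4 quoted in the thread.

```c
#include <stdio.h>

/* Toy model, NOT Clang code: one path walks `while (cond) i++;` from i = 0.
   Each evaluation of the loop condition is one visit of the condition block;
   a path that would need more than MAX_LOOP visits is cut off (a "sink").
   MAX_LOOP = 4 mirrors the -analyzer-max-loop value quoted in the thread. */
#define MAX_LOOP 4

enum cond_kind {
    COND_SYMBOLIC, /* while (i < x), x unknown: both branches feasible */
    COND_CONSTANT, /* while (i < bound): exactly one branch feasible   */
    COND_ALWAYS    /* while (true): only the true branch feasible      */
};

struct outcome {
    int exits; /* paths that reach the statement after the loop */
    int sunk;  /* 1 if the path still inside the loop was cut off */
};

struct outcome explore_loop(enum cond_kind kind, int bound)
{
    struct outcome out = {0, 0};
    for (int visit = 1, i = 0; ; visit++, i++) {
        if (visit > MAX_LOOP) { /* budget exhausted on this path */
            out.sunk = 1;
            return out;
        }
        if (kind == COND_SYMBOLIC) {
            out.exits++;        /* state split: false branch leaves the loop */
            continue;           /* true branch keeps iterating */
        }
        if (kind == COND_CONSTANT && i >= bound) {
            out.exits++;        /* condition is concretely false: loop done */
            return out;
        }
        /* concretely true: no split, stay in the loop */
    }
}

int main(void)
{
    struct outcome a = explore_loop(COND_SYMBOLIC, 0);   /* while (i < x)   */
    struct outcome b = explore_loop(COND_CONSTANT, 100); /* while (i < 100) */
    struct outcome c = explore_loop(COND_ALWAYS, 0);     /* while (true)    */
    printf("i < x:   exits=%d sunk=%d\n", a.exits, a.sunk);
    printf("i < 100: exits=%d sunk=%d\n", b.exits, b.sunk);
    printf("true:    exits=%d sunk=%d\n", c.exits, c.sunk);
    return 0;
}
```

In this model the symbolic bound leaves the loop on four paths, matching the count of 4 in the ExprInspection output above, while the constant bound of 100 and the while(true) loop never reach the code after the loop.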



