<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Anna, thank you for the link. <br>
I had seen that recent thread. The idea of dumping summaries and
merging those is duly noted. As well as dumping summaries and
repeating the analysis when necessary. Wouldn't that be slow though,
reading the source from the file-system for each pass, if you have
to repeat the analysis many (perhaps hundreds of) times to converge?
[see also discussion below on our analysis]<br>
<br>
As Michael said we will use annotated code and static analysis to
check that the annotations are correct and that the code does not
have some types of bugs. This checking will require more from the
AST than just the Call Graph, but will not cross TU boundaries. The
next step is to infer these annotations (as many as possible), but
that is going to be an expensive, iterative process that may cross
TU boundaries. As I hinted, what creates dependencies for the
inference are cycles in the call graph, and we would only need to
merge the TUs that form cycles. That makes me optimistic about
scalability (and also complexity) because it means that the problem
is decomposable to a significant degree.<br>
<br>
Cheers!<br>
Alex<br>
<br>
On 06/12/2012 12:12 AM, Michael Han wrote:
<blockquote
cite="mid:2C9935343FDB104E8F3175A2729BC3143B53C5@005-TK5MPN1-011.MGDADSK.autodesk.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi
Anna,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks
for the link.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We
are planning to write a static analyzer that perform
analysis with the aid of limited user annotations. It would
be good to fit it in the static analyzer infrastructure to
have access to the bug reporter, CFG, etc.. The missing
piece for us is the whole program analysis support from
static analyzer (and as you pointed out, it is a big
project), at least from an infrastructure point of view,
current static analyzer is invoked per file base so each
analysis won’t know other TU. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">At
the beginning our analysis would be quite simple. It is not
flow/path sensitive at least for now and would only (Alex
please correct me if I am wrong..) require access to AST to
construct call graph. So, it looks like without accessing to
all the nice features done in the static analyzer we can
still build the tool using libTooling and AST serialization,
and at the analysis time hopefully we will have the whole
program image ready to consume. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Cheers<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Michael<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span
style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
Anna Zaks [<a class="moz-txt-link-freetext" href="mailto:ganna@apple.com">mailto:ganna@apple.com</a>]
<br>
<b>Sent:</b> Monday, June 11, 2012 8:34 PM<br>
<b>To:</b> Alexandros Tzannes<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:cfe-dev@cs.uiuc.edu">cfe-dev@cs.uiuc.edu</a>; Michael Han<br>
<b>Subject:</b> Re: [cfe-dev] Full program Analysis w.
Clang<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">This thread also discusses options on
working with multiple TUs:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://clang-developers.42468.n3.nabble.com/C-analysis-with-Clang-td4024252.html">http://clang-developers.42468.n3.nabble.com/C-analysis-with-Clang-td4024252.html</a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Jun 11, 2012, at 8:24 PM, Anna
Zaks wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On Jun 11, 2012, at 6:23 PM,
Alexandros Tzannes wrote:<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">I am interested in using Clang to
write a checker that reads in custom annotations (we
are considering using attributes rather than pragmas)
to guarantee the absence of some types of bugs. The
next step after this is done would be to try and infer
as many of the annotations as possible, but this will
require whole program analysis. I know that clang
works per translation unit (TU), so I was wondering if
there is some advice on how to go about it. Perhaps
serialize the AST of different TUs, merge them and
analyze the whole program offline (after compilation)
to prove the desired safety guarantees.<o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
Are you planning to write a static analyzer checker? In
general, we are interested in adding whole program
analyzes to the analyzer, but it's an ambitious project.<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal">It may actually be possible to
perform inference per TU, as long as any cyclic
call-graph dependencies are within a single TU.<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><o:p> </o:p></p>
</blockquote>
<p class="MsoNormal"><br>
Scalability wise, developing summary based analyzes is
better than serializing the AST. (Very simply put, you'd
analyze each function separately, store their summaries,
and re-analyze all the functions again taking into
account the generated info. If you have cyclic
dependencies, you could consider repeating the process
more than once.)<br>
<br>
<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal">Any feedback/brainstorming will be
greatly appreciated!<o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><o:p> </o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Cheers!<o:p></o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Alex<o:p></o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><o:p> </o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">_______________________________________________<o:p></o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">cfe-dev mailing list<o:p></o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><a moz-do-not-send="true"
href="mailto:cfe-dev@cs.uiuc.edu">cfe-dev@cs.uiuc.edu</a><o:p></o:p></p>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><br>
_______________________________________________<br>
cfe-dev mailing list<br>
<a moz-do-not-send="true"
href="mailto:cfe-dev@cs.uiuc.edu">cfe-dev@cs.uiuc.edu</a><br>
<a moz-do-not-send="true"
href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</blockquote>
</body>
</html>