<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Menlo;
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1273780528;
mso-list-type:hybrid;
mso-list-template-ids:-204946580 -1912673462 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:2000770183;
mso-list-type:hybrid;
mso-list-template-ids:-890474854 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Anna Zaks [mailto:ganna@apple.com] <br><b>Sent:</b> Wednesday, July 31, 2013 3:50 PM<br><b>To:</b> Aditya Kumar<br><b>Cc:</b> Manuel Klimek; clang-dev Developers; Michele Galante<br><b>Subject:</b> Re: [cfe-dev] Clang Static Analyzer without scan-build<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On Jul 31, 2013, at 12:13 PM, Aditya Kumar <<a href="mailto:hiraditya@codeaurora.org">hiraditya@codeaurora.org</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I have a preliminary working version of my patch and I ran it through our test framework (>100 MLOC), and it has worked fine.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>To generate the summarized report (index.html) I copied some portions of scan-build and generated the summary.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I’m planning to write some post-processing program that parses the report-*.html files and stores them in a database.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Will that be useful?</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>This depends on the workflow you have in mind. What reports the database will contain: ex, the results of the latest build or results of every build... <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I think the database might have limited usefulness if you are doing partial builds, at least you don't really know which set of bugs you are looking at.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>A useful workflow includes running the analyzer as part of continuous integration and storing results of every build. In that scenario, it is useful to only show / highlight the diff of issues or only new issues that the analyzer produces on the latest build. We do not have a very good infrastructure for this, but the first step would be to look at <span style='font-size:8.5pt;font-family:"Menlo","serif"'>utils/analyzer/CmpRuns.py</span> script and see if it could be useful for you.<o:p></o:p></p></div><div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for telling me about </span><span style='font-size:8.5pt;font-family:"Menlo","serif"'>utils/analyzer/CmpRuns.py</span>.<span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>By the way, I am totally in favor of having a stand-alone tool like scan-build which makes it easy to run static analyzer separately as a part of <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>nightly/weekly builds or by a group of people specially assigned to track down bugs in a software infrastructure. The idea of storing report-statistics in a database could be a useful addition to standalone tools.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Currently, what I have implemented is the following: <o:p></o:p></span></p><p class=MsoListParagraph style='margin-left:46.5pt;text-indent:-.25in;mso-list:l1 level1 lfo2'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>compile the programs with a flag e.g., (clang++ --compile-and-analyze <path/to/report-dir> -c test.cpp). This stores all the report-*.html files in report-dir.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Also, I have created a post-processing program which does the following:<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>1.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>parse the report-*.html file and generate index.html. Ensure uniqueness of each report by comparing the sha1 keys (I’m using the linux system call to compute the sha1 keys for now).<o:p></o:p></span></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><span style='mso-list:Ignore'>2.<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>populate the table in the database (mysql) with same details. To ensure uniqueness of details I store the sha1 key of report-*.html files along with the bug-details corresponding to each report.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p></div><div><p class=MsoNormal>Note, when running the analyzer as part of the compilation, one issue you'll have to worry about is the <span style='color:#222222;background:#EEEEEE'>__clang_analyzer__</span> macro, which is only defined when you run the analyzer and not the compiler.<o:p></o:p></p></div><div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>So the way I have defined the action-pipeline is:<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>0: input, "test.cpp", c++<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>1: analyzer, {0}, plist<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>2: input, "test.cpp", c++<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>3: preprocessor, {2}, c++-cpp-output<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>4: compiler, {3}, assembler<o:p></o:p></span></p><p class=MsoNormal style='margin-left:5.25pt'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>5: assembler, {4}, object<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> 6: linker, {5}, image<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:#1F497D'>I think, this way the frontend should define the __clang_analyzer__ during analysis and not during the compilation.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>-Aditya<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal>Anna.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span class=apple-converted-space><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Manuel Klimek [<a href="mailto:klimek@google.com">mailto:klimek@google.com</a>]<span class=apple-converted-space> </span><br><b>Sent:</b><span class=apple-converted-space> </span>Wednesday, July 31, 2013 1:15 PM<br><b>To:</b><span class=apple-converted-space> </span>Anna Zaks<br><b>Cc:</b><span class=apple-converted-space> </span>Aditya Kumar; clang-dev Developers; Michele Galante<br><b>Subject:</b><span class=apple-converted-space> </span>Re: [cfe-dev] Clang Static Analyzer without scan-build</span><o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><p class=MsoNormal>On Wed, Jul 31, 2013 at 8:07 PM, Anna Zaks <<a href="mailto:ganna@apple.com" target="_blank"><span style='color:purple'>ganna@apple.com</span></a>> wrote:<o:p></o:p></p></div><div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><div><p class=MsoNormal>On Jul 30, 2013, at 2:37 PM, Aditya Kumar <<a href="mailto:hiraditya@codeaurora.org" target="_blank"><span style='color:purple'>hiraditya@codeaurora.org</span></a>> wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal><br><br><br><o:p></o:p></p></div><div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I was looking at the same problem and planning to work on it.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>What I’m planning to do is having a compiler flag which enables a user to perform compilation as well as static analysis at the same time,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>and make relevant changes in the clang driver to build a set of ‘Actions’ in the pipeline such that static analysis and compilation takes place simultaneously.</span><o:p></o:p></p></div></div></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>This will have an overhead on the overall compilation time which is often not the desirable thing. But there is an advantage that this flag can be incorporated in the build-system of software.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Since the build systems are really good at tracking the files which have changed and compiling only the minimal set of required files,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>the overall turnaround time of static analysis will be very small and user can afford to run static analyzer with every build.</span><o:p></o:p></p></div></div></blockquote><div><div><p class=MsoNormal> <o:p></o:p></p></div></div></div><div><div><p class=MsoNormal>Have you looked at how scan-build currently works? It does compile and analyze the source files (clang is called twice). It is also driven by the build system, so we are not reanalyzing files that the build system would not recompile.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>The main advantage of keeping the scan-build-like interface is that, in the future, we plan to extend the analyzer to perform cross-file(translation unit) analysis. This is why we encourage the use of a single entry point (scan-build) when analyzing a project.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Said that, the current implementation of scan-build is hacky and could be improved (see<span class=apple-converted-space> </span><a href="http://clang-analyzer.llvm.org/open_projects.html" target="_blank"><span style='color:purple'>http://clang-analyzer.llvm.org/open_projects.html</span></a>).<o:p></o:p></p></div></div></div></blockquote><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>For what it's worth, I think the way to do large scale static analysis is to run over each TU in isolation, and output all the information needed to do the global analysis. Then, run the global analysis as a post-processing step, after sharding the information from that first step into parallelizable pieces.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Note that I'm not trying to contradict what you said :) Just wanted to throw in some experience. We are currently starting to run the analyzer on our internal code base (see Pavel's work) based on the Tooling/ stuff (clang-check has grown a --analyze flag) and would be very interested in having a system that allows full codebase analysis and still works on ~100MLOC codebases... ;)<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div></div><div><div><p class=MsoNormal>/Manuel<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt'><div><div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div></div><div><div><p class=MsoNormal>Anna.<o:p></o:p></p></div></div><div><p class=MsoNormal><br><br><br><o:p></o:p></p></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I wanted some feedback if this is a good idea or not.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>-Aditya</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal>_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank"><span style='color:purple'>cfe-dev@cs.uiuc.edu</span></a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank"><span style='color:purple'>http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</span></a><o:p></o:p></p></div></blockquote></div><div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>cfe-dev mailing list<br><a href="mailto:cfe-dev@cs.uiuc.edu"><span style='color:purple'>cfe-dev@cs.uiuc.edu</span></a><br><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank"><span style='color:purple'>http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</span></a><o:p></o:p></p></blockquote></div></div></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>