<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Aug 28, 2014, at 1:29 AM, Daniel Marjamäki <<a href="mailto:Daniel.Marjamaki@evidente.se" class="">Daniel.Marjamaki@evidente.se</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; direction: ltr; font-family: Tahoma; font-size: 10pt;" class="">Hello!<div class=""><br class=""></div><div class=""><span style="font-size: 10pt;" class="">I want to have path-sensitive analysis. However I do not understood how it's done effectively in Clang yet. It's quite different to Cppcheck. :-)</span></div></div></div></blockquote><br class="">The static analyzer core generates exploded graph, which represents all paths through the program. As the graph is constructed, the analyzer calls to the path sensitive checkers and allows them to explore and augment the state. You can watch our presentation (<a href="http://llvm.org/devmtg/2012-11/#content" class="">http://llvm.org/devmtg/2012-11/#content</a>) on how to build a checker to refresh on how this all plays together. We have some nice visualizations there.</div><div><br class=""></div><div>The main problem with using the path sensitive analyzer engine here is that paths may be dropped and you are not guaranteed to explore all paths. This could lead to false positives in reverse null (test after X) checks. In order to work around this, you’ve limited the analysis to a single basic block (at least that’s what I understand from reading the review thread). However, if you are limited to a basic block, the advantage of path sensitive analysis is greatly diminished, and it’s not worth paying the performance price.</div><div><br class=""><blockquote type="cite" class=""><div class=""><div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; direction: ltr; font-family: Tahoma; font-size: 10pt;" class=""><div class=""><br class=""></div><div class="">> <span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">My understanding is that you are working around this by performing checking within a single basic block</span></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class=""><br class=""></span></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">The problem is mostly that I don't understand how CFG is used effectively. I don't see how to properly handle inner/outer/same scope.</span></div><div class=""><br class=""></div><div class="">> <span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">I think it’s best to write these as non-path sensitive data flow analysis on the CFG. What do you think?</span></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class=""><br class=""></span></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">sorry.. could you be more specific. do you want to move the checker. do you want it to use a different visitor? do you want that we remove some logic?</span></div></div></div></blockquote><div><br class=""></div>I am suggesting to write a data flow sensitive analysis (instead of path sensitive) for this particular set of problems. Flow sensitive analysis are much more lightweight; these are often used in compiler optimization algorithms. Currently, we do not have many of these. Live variable analysis would be one such example. Unfortunately, this would mean a rewrite of what you have now...</div><div><br class=""><blockquote type="cite" class=""><div class=""><div style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; direction: ltr; font-family: Tahoma; font-size: 10pt;" class=""><div class=""><br class=""></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">best regards,</span></div><div class=""><span style="font-family: 'Segoe UI', Helvetica, Arial, sans-serif; font-size: 12px;" class="">Daniel Marjamäki</span></div><div class=""><div class=""><br class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="font-family: Tahoma; font-size: 13px;" class=""><div style="margin: 0cm 0cm 0pt;" class=""><span style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class="">..................................................................................................................</span></div><div style="margin: 0cm 0cm 0pt;" class=""><span style="font-family: Arial, sans-serif; font-size: 8pt;" class="">Daniel Marjamäki<span class="Apple-converted-space"> </span></span><span style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class="">Senior Engineer</span></div><div style="margin: 0cm 0cm 0pt;" class=""><span lang="EN-US" style="font-family: Arial, sans-serif; color: gray; font-size: 8.5pt;" class="">Evidente ES East</span><span lang="EN-US" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class=""><span class="Apple-converted-space"> </span>AB<span class=""> <span class="Apple-converted-space"> </span></span>Warfvinges väg 34<span class=""> <span class="Apple-converted-space"> </span></span>SE-112 51 Stockholm<span class=""> <span class="Apple-converted-space"> </span></span>Sweden<span class="Apple-converted-space"> </span></span></div><p class="MsoNormal" style="margin: 0cm 0cm 0pt;"><span lang="EN-US" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class=""></span> </p><div style="margin: 0cm 0cm 0pt;" class=""><span lang="EN-GB" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class="">Mobile</span><span lang="EN-GB" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class="">:<span class=""> <span class="Apple-converted-space"> </span></span>+46 (0)709 12 42 62</span></div><div style="margin: 0cm 0cm 0pt;" class=""><span lang="EN-GB" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class=""></span><span lang="EN-GB" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class="">E-mail:<span class=""> <span class="Apple-converted-space"> </span></span><span class=""> <span class="Apple-converted-space"> </span><a tabindex="0" href="mailto:Daniel.Marjamaki@evidente.se" class="">Daniel.Marjamaki</a></span><a tabindex="0" href="mailto:Daniel.Marjamaki@evidente.se" class="">@evidente.se</a><span class=""> <span class="Apple-converted-space"> </span></span><span class=""> <span class="Apple-converted-space"> </span></span></span></div><p class="MsoNormal" style="margin: 0cm 0cm 0pt;"><span lang="EN-GB" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;" class=""></span> </p><div style="margin: 0cm 0cm 0pt;" class=""><span lang="EN-GB" style="font-family: Arial, sans-serif; font-size: 8pt;" class=""><a href="http://www.evidente.se/" class="">www.evidente.se</a></span></div></div></div></div></div></div></div></div><div style="font-family: 'Times New Roman'; font-size: 16px;" class=""><hr tabindex="-1" class=""><div id="divRpF787629" style="direction: ltr;" class=""><font face="Tahoma" size="2" class=""><b class="">Från:</b><span class="Apple-converted-space"> </span>Anna Zaks [<a href="mailto:ganna@apple.com" class="">ganna@apple.com</a>]<br class=""><b class="">Skickat:</b><span class="Apple-converted-space"> </span>den 27 augusti 2014 19:48<br class=""><b class="">Till:</b><span class="Apple-converted-space"> </span>Daniel Marjamäki<br class=""><b class="">Cc:</b><span class="Apple-converted-space"> </span><a href="mailto:cfe-dev@cs.uiuc.edu" class="">cfe-dev@cs.uiuc.edu</a>; Jordan Rose<br class=""><b class="">Ämne:</b><span class="Apple-converted-space"> </span>Re: [cfe-dev] [RFC] Creating base class for 'Test after X' checkers<br class=""></font><br class=""></div><div class=""></div><div class="">Hi Daniel,<div class=""><br class=""></div><div class="">As Jordan mentioned earlier, I am concerned about making test after div-zero/dereference checkers rely on path sensitive analysis. These require all path reasoning and the analyzer does not guarantee to cover all paths (some of them might be silently dropped). My understanding is that you are working around this by performing checking within a single basic block; however, in that case relying on the power of path sensitivity is an overkill. I think it’s best to write these as non-path sensitive data flow analysis on the CFG. What do you think?</div><div class=""><br class=""></div><div class="">If we decided to go with path-sensitive checkers for this, addition of the base class would be the right way to go.</div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Aug 24, 2014, at 2:25 AM, Daniel Marjamäki <<a href="mailto:Daniel.Marjamaki@evidente.se" class="" target="_blank">Daniel.Marjamaki@evidente.se</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="" style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; direction: ltr; font-family: Tahoma; font-size: 10pt;">Hello!<br class=""><br class="">Recently a TestAfterDivZero checker was added to the static analyser (r212731).<br class=""><br class="">We could add many related checkers, for example:<br class=""> * test after null pointer dereference<br class=""> * test after array index out of bounds<br class=""> * test after dangerous/invalid function argument<br class=""> * ...<br class=""><br class="">I wonder what you think about creating generic base classes for TestAfterX checkers. Would you prefer copy/paste?<br class=""><br class="">I attach a proof of concept patch. It adds a include file llvm/tools/clang/include/StaticAnalyzer/Core/TestAfterChecker.h.</div></div></blockquote><div class=""><br class=""></div><div class="">This one should be added under include/clang/StaticAnalyzer/Checkers/. See ObjCRetainCount.h as an example.</div><br class=""><blockquote type="cite" class=""><div class=""><div class="" style="font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; direction: ltr; font-family: Tahoma; font-size: 10pt;">Is that the proper path where it should be or would it be better somewhere else? There is no implementation but I should add it in llvm/tools/clang/lib/StaticAnalyzer/Core/TestAfterChecker.cpp, shouldn't I? Do you have an opinion about the namespace usage?<br class=""><br class="">It might still be possible to move some more code from the checker to the base classes. The current code is work-in-progress.<br class=""><br class=""><div class="">Best regards,<br class="">Daniel Marjamäki<br class=""><br class=""><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="font-family: Tahoma; font-size: 13px;"><div class="" style="margin: 0cm 0cm 0pt;"><span class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;">..................................................................................................................</span></div><div class="" style="margin: 0cm 0cm 0pt;"><span class="" style="font-family: Arial, sans-serif; font-size: 8pt;">Daniel Marjamäki<span class="Apple-converted-space"> </span></span><span class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;">Senior Engineer</span></div><div class="" style="margin: 0cm 0cm 0pt;"><span lang="EN-US" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8.5pt;">Evidente ES East</span><span lang="EN-US" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;"><span class="Apple-converted-space"> </span>AB<span class=""> <span class="Apple-converted-space"> </span></span>Warfvinges väg 34<span class=""> <span class="Apple-converted-space"> </span></span>SE-112 51 Stockholm<span class=""> <span class="Apple-converted-space"> </span></span>Sweden<span class="Apple-converted-space"> </span></span></div><p class="MsoNormal" style="margin: 0cm 0cm 0pt;"><span lang="EN-US" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;"></span> </p><div class="" style="margin: 0cm 0cm 0pt;"><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;">Mobile</span><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;">:<span class=""> <span class="Apple-converted-space"> </span></span>+46 (0)709 12 42 62</span></div><div class="" style="margin: 0cm 0cm 0pt;"><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;"></span><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;">E-mail:<span class=""> <span class="Apple-converted-space"> </span></span><span class=""> <span class="Apple-converted-space"> </span><a tabindex="0" href="mailto:Daniel.Marjamaki@evidente.se" class="" target="_blank">Daniel.Marjamaki</a></span><a tabindex="0" href="mailto:Daniel.Marjamaki@evidente.se" class="" target="_blank">@evidente.se</a><span class=""> <span class="Apple-converted-space"> </span></span><span class=""> <span class="Apple-converted-space"> </span></span></span></div><p class="MsoNormal" style="margin: 0cm 0cm 0pt;"><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; color: gray; font-size: 8pt;"></span> </p><div class="" style="margin: 0cm 0cm 0pt;"><span lang="EN-GB" class="" style="font-family: Arial, sans-serif; font-size: 8pt;"><a href="http://www.evidente.se/" class="" target="_blank">www.evidente.se</a></span></div></div></div></div></div></div></div></div></div><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; float: none; display: inline !important;">_______________________________________________</span><br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><span class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; float: none; display: inline !important;">cfe-dev mailing list</span><br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><a href="mailto:cfe-dev@cs.uiuc.edu" class="" target="_blank" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">cfe-dev@cs.uiuc.edu</a><br class="" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;"><a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" class="" target="_blank" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px;">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a></div></blockquote></div></div></div></div></div></div></div></blockquote></div><br class=""></body></html>