<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="HU" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi All,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">At the EuroLLVM’17 conference we presented our results about a new analysis mode in the Clang Static Analyzer: Cross Translational Unit analysis.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">See patch <a href="https://reviews.llvm.org/D30691">
https://reviews.llvm.org/D30691</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">which is based on the work of A. Sidorin et al.
<a href="http://lists.llvm.org/pipermail/cfe-dev/2015-October/045730.html" target="_blank">
<span style="font-size:10.0pt;font-family:'Segoe UI',sans-serif;color:#136CB2;background:white">http://lists.llvm.org/pipermail/cfe-dev/2015-October/045730.html</span></a>, but without function summaries and updated to the newest Clang.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The CTU mode allows the analyzer to “inline” function calls that are defined in another TU than the one currently analyzed.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">So it allows finding bugs that span multiple source files.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Without this patch, the static analyzer engine, when it meets an external function call,
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">cannot reason about the return value of the function (unknown), and the pointed-to values and references passed to the function as parameters are invalidated.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">You can find a full patched clang 4.0 (use it with llvm commit 01609a325b5f85d88e3ab5c7d470409092436cb2 )<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/dkrupp/clang/tree/ctu-master">https://github.com/dkrupp/clang/tree/ctu-master</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We have run the analysis on some reasonably-sized (ffmpeg, curl, vim, openssl, postgresql) open source C projects and found many additional true positive reports compared to the traditional single TU mode in all projects.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">This indicates that this feature would give many new results on any project.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">We measured the heap usage, the analysis time and the number of new findings.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">You can find the detailed comparison results here:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="http://cc.elte.hu/clang-ctu/">http://cc.elte.hu/clang-ctu/</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">In summary, the number of reported bugs is ~1.5-5x that of the original single TU analysis, at the cost of 1.5-5x higher analysis time and 1.5-5x max heap usage (roughly in proportion to the increase in the number of reported
faults).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The design concept is described briefly in this document:
<a href="http://cc.elte.hu/clang-ctu/eurollvm17/abstract.pdf">http://cc.elte.hu/clang-ctu/eurollvm17/abstract.pdf</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">If you would like to try this analysis mode on your project please find the description of the 2 new additional analyzer scripts here:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="https://github.com/dkrupp/clang/blob/ctu-master/tools/xtu-build-new/readme.md">https://github.com/dkrupp/clang/blob/ctu-master/tools/xtu-build-new/readme.md</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Would be happy to hear your opinion and experiences with this feature and would appreciate your help in reviewing the patch.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks & Regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Daniel<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
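<p class="MsoNormal"><span lang="EN-US">The limitation described in the message above, as a constructed two-file C example added here (not part of the original message or of the patch): when main.c is analyzed on its own, the call to parse_len() invalidates len, so the analyzer cannot know it is still 0 on the error path; with the definition from parser.c inlined, the division by zero becomes a visible path. File names, function names and inputs are assumptions made for illustration.<o:p></o:p></span></p>
<pre>
```c
/* ---- parser.c: separate translation unit (constructed sample) ----
 * While main.c is analyzed alone, only the declaration of parse_len()
 * is visible to the analyzer, not this body. */
int parse_len(const char *s, int *out)
{
    int n = 0;
    if (!s || *s == '\0')
        return -1;              /* error path: *out is left untouched */
    for (; *s != '\0'; ++s) {
        if (*s < '0' || *s > '9')
            return -1;          /* error path: *out is left untouched */
        if (n > 100000)
            return -1;          /* keep n * 10 far from signed overflow */
        n = n * 10 + (*s - '0');
    }
    *out = n;
    return 0;
}

/* ---- main.c: translation unit under analysis (constructed sample) ---- */
int parse_len(const char *s, int *out);

/* Defect that spans both files. Single-TU view: &len escapes into an
 * unknown function, so len is invalidated and its value is unknown.
 * With the callee inlined, the path "parse_len fails, len stays 0"
 * is explicit and the division below is a division by zero. */
int chunks_unchecked(int total, const char *len_str)
{
    int len = 0;
    parse_len(len_str, &len);   /* return value ignored */
    return total / len;
}

/* Hardened caller: honours the error return and rejects a zero length,
 * so no path reaches the division with len == 0. */
int chunks_checked(int total, const char *len_str)
{
    int len = 0;
    if (parse_len(len_str, &len) != 0 || len == 0)
        return -1;
    return total / len;
}
```
</pre>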
</div>
</body>
</html>