[cfe-dev] my experience with clang

Nuno Lopes nunoplopes at sapo.pt
Sat Dec 22 05:47:27 PST 2007 

Hi,

As promised previously, I'll try to provide a review of clang. I'm not an 
expert on compilers by any means, though.

I used clang to make a static code analyzer tool, based on the ARCHER paper 
from Stanford, albeit simpler. It is able to detect both static and dynamic 
memory overflows. It only supports intra-procedural analysis. It also 
provides analysis for the PHP interpreter API varargs functions (printf 
style).
In case someone is interested, the full source-code is available at: 
http://web.ist.utl.pt/nuno.lopes/sirs-project.tar.bz2
It also includes a presentation of the project in Portuguese, as well as 
some examples of bugs that it is able to find.

My code doesn't use the clang analysis framework, as the path-sensitive 
analyzer wasn't ready by the time I started the project.

So, about clang.. It is a very nice tool with a low learning curve. really. 
I once tried to look to the gcc code and I gave up (I admit I didn't try too 
much, but..). From all the compiler tools I've worked so far, clang proved 
to be the easiest one. This is due to the nice C++/OOP usage, as well as an 
intuitive AST (if you know C, you know how the AST looks like).
A con of clang in the point of view of code analysis is that clang is 
optimized for IDEs. That means that some AST nodes could be removed 
altogether (e.g. ParenExpr). Also, similar expressions are represented 
differently:
int x=2;
and
int x; x=2;

This makes sense in the IDE world, but only makes things more difficult in 
the analysis world. But I'm not sure how clang could be improved any further 
about this point.
Also using clang as a gcc replacement is very difficult, mainly where you 
are using ./configure && make. I had to do a script to strip unknown 
options, as well as run gcc in parallel to clang (as ./configure usually 
checks if the compiler is able to create executable files).

If I would recomend clang? Yes, sure! Although the API is not stable, it's 
still a nice framework.


Thank you all, especially Ted, who was always ready to answer my questions 
with throughout explanations.

I hope you enjoyed my presence here and I hope this is not the end of my 
work in the compiler world :)


Regards,
Nuno Lopes

P.S.:  I feel I'm missing a lot of things, but I'll send another e-mail if I 
remember something important.

More information about the cfe-dev mailing list