[cfe-dev] Why -checker-simple is disabled in scan-build?

Ted Kremenek kremenek at apple.com
Sun Oct 5 10:16:14 PDT 2008

On Oct 5, 2008, at 3:11 AM, Zhongxing Xu wrote:

> No real reason, other than -checker-cfref functionally does the same  
> thing as -checker-simple except that it does the retain/release  
> checking for Objective-C.  All -checker-simple does is run the path- 
> sensitive engine and execute its internal checks.  It's also a bad  
> name.  "-checker-basic-checks" instead?
> I prefer shorter name "-checker-basic". What do you think that we  
> make it available for pure C code checking?

-checker-basic sounds fine.

Just to be clear, -checker-cfref works on C code as well.  It just  
knows about the retain/release methods and also tracks reference  
counts.  It does all the same checks as -checker-simple does, and the  
performance impact is so minimal it didn't seem worth confusing people  
with two options and always run with "maximum checking."  That said,  
we probably should provide a separate scan-build option to run - 
checker-basic, and maybe one option, -checker-all-checks, that enables  

The current transfer function implementation is not designed will for  
checker composition, and I see this as the next big overhauling in the  
design of the system.  Right now the code in CFRefCount.cpp does some  
redundant work also done in GRSimpleVals.cpp, and the transfer  
function object defined in CFRefCount.cpp also subclasses  
GRSimpleVals.cpp and overrides some of its virtual functions.  This  
just doesn't seem very modular to me.  To me, a "checker" should be  
act like a plug-in transducer that can be interposed at different  
places and change the state while also coexisting with other checkers  
that can also change the state.  I'm not certain what is the best way  
to do this.  The Generic Data Map (GDM) model in GRState was added to  
help facilitate this, so that there was a common data representation  
in GRState for different checks to work with and plug in arbitrary  
checker-specific data.

As more checks get added, there will be more checks analogous to - 
checker-cfref: -checker-malloc, -checker-my-special-api, etc.  To me  
all these should do is enable extra checks.

More information about the cfe-dev mailing list