[cfe-dev] Generate the whole program CFG?
Ted Kremenek
kremenek at apple.com
Fri Sep 11 09:03:07 PDT 2009
On Sep 11, 2009, at 4:28 AM, zhunan wrote:
> Hi, all
>
> Since the CFGs generated by clang-cc are for a single function, can we
> generate a large CFG for the whole program (we expand the callee's
> CFG in the main function's CFG)?
>
>
> 1. Has clang offered this function?
>
> 2. What should we modify? (It seems that ASTs are also for a single
> function)

Hi ZhuNan,

While we plan on supporting interprocedural analysis, there are no
plans to support building whole-program CFGs. Clang's CFGs are meant
to be simple data structures that represent the control-flow within a
function.

One can simulate a whole program CFG, however, by incrementally
constructing CFGs for the functions that are analyzed, and having the
analysis engine track the necessary information for calls and returns.
Any analysis that cares about context-sensitivity of function calls will
need to do this anyway. A whole-program CFG also breaks down (or at
least gets much more complicated) when one considers function pointers
or any form of dynamic dispatch.

A primary motivation for not constructing whole-program CFGs is that
it defers to the analysis the decision of what level and kind of
interprocedural analysis to perform. Some interprocedural analyses may use
summaries, while others may directly simulate a function call by
"inlining" its effects (i.e., constructing the called function's CFG
and "stepping into" that function and directly evaluating the effects
of its statements).

Ted
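
The approach described in the reply above, as an added example that is not part of the original message and not Clang code: a toy engine that keeps one CFG per function, builds a callee's CFG only when a call steps into it, and tracks return points on an explicit stack. The statement names (`taint`, `clear`, `sink`, `call`), the sample program, and the single global taint flag are assumptions made for illustration.

```python
# Toy model (constructed sample): function -> {block: (statements, successors)}.
SOURCE = {
    "main":   {0: (["taint", "call helper"], [1, 2]),
               1: (["call scrub", "call emit"], []),
               2: (["call emit"], [])},
    "helper": {0: ([], [])},
    "scrub":  {0: (["clear"], [])},
    "emit":   {0: (["sink"], [])},
    "unused": {0: (["sink"], [])},   # never called, so its CFG is never built
}
cfg_cache = {}

def get_cfg(name):
    """Build a function's CFG on first use (here: copy it) and cache it."""
    if name not in cfg_cache:
        cfg_cache[name] = dict(SOURCE[name])
    return cfg_cache[name]

def analyze(entry, max_depth=8):
    """Walk every path from `entry`, stepping into callees. Returns the call
    contexts (call-site blocks plus callee) where tainted data hits a sink."""
    findings, seen = [], set()
    # State: (function, block, statement index, tainted?, stack of return points)
    work = [(entry, 0, 0, False, ())]
    while work:
        state = work.pop()
        if state in seen:
            continue
        seen.add(state)
        fn, blk, i, tainted, stack = state
        stmts, succs = get_cfg(fn)[blk]
        if i < len(stmts):
            stmt = stmts[i]
            if stmt.startswith("call "):
                if len(stack) < max_depth:   # bound recursion depth
                    ret = (fn, blk, i + 1)   # where to resume after the call
                    work.append((stmt[5:], 0, 0, tainted, stack + (ret,)))
                continue
            if stmt == "sink" and tainted:
                findings.append(tuple(f"{f}:b{b}" for f, b, _ in stack) + (fn,))
            tainted = {"taint": True, "clear": False}.get(stmt, tainted)
            work.append((fn, blk, i + 1, tainted, stack))
        elif succs:                          # end of block: follow CFG edges
            work.extend((fn, s, 0, tainted, stack) for s in succs)
        elif stack:                          # function exit: pop return point
            rfn, rblk, ri = stack[-1]
            work.append((rfn, rblk, ri, tainted, stack[:-1]))
    return findings

if __name__ == "__main__":
    print(analyze("main"))
```

`emit` is reached from two call sites in `main`, and only the one in block 2 is reported, because the path through block 1 calls `scrub` first.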