[cfe-dev] Work on analyzer's C++ support

Marcin Świderski marcin.sfider at gmail.com
Wed Nov 3 13:05:17 PDT 2010


On 3 November 2010 at 18:56, Ted Kremenek
<kremenek at apple.com> wrote:

> Hi Marcin,
>
> I think these are great ideas.  Comments inline.
>
> On Nov 3, 2010, at 3:04 AM, Marcin Świderski <marcin.sfider at gmail.com>
> wrote:
>
> > I'm going to add some checks for C++ that will check for:
> > - uninitialized object members,
>
> This seems like a path-sensitive check that requires inter-procedural
> analysis of constructor calls.
>
>
Why the inter-procedural analysis of constructor calls? We can safely assume
that a constructor initializes all members, and then require the same from the
analyzed constructor.

And what is the current support for inter-procedural analysis?


> > - problems in ctors derived from order of initialization,
>
> Another path-sensitive check.  What do you mean by "problems"?
>

In general, situations when the order of evaluation of some side-effects in
initializers is different in source code than in reality. Such a situation can
be erroneous. We can of course provide a check for initializers ordered
differently than members, but this does not
solve the problem. After ordering initializers we lose information about
probable intentions of the programmer (assuming the intentions to be
invalid).


> > - absence of virtual destructor when needed,
> > - virtual method calls in ctors/dtors,
> > - some const-correctness.
>
> It's not clear to me that these are path-sensitive checks, or even require
> flow analysis.
>
For virtual calls we could probably use the path-sensitive engine for:
- Checking when a method is called on /this/. Should be trivial most of the
time, but if someone uses a method returning /this/ for silencing compiler
warnings in the initialization list, it stops being trivial,
- Inter-procedural analysis.

The rest can be done on the AST alright.

>
> > I'll try to use the path-sensitive engine for some of them, extending it
> > in the process, but I'm not sure if I'll make it. I'm doing this for my
> > master's thesis and don't have much time, so I will be able to share my work
> > probably in a month or so. If someone wants to work on C++ in the
> > path-sensitive engine during this time I'll contribute just the checks.
>
> The constructor checking is probably the most interesting, but probably the
> hardest to do.  It also requires the most amount of new pieces working.
>
> The good thing about the analyzer is that, unlike the compiler, you can
> skip analyzing entire swaths of code (if the engine isn't ready) and still
> find bugs.
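
Two of the constructor issues discussed in this message (initializers written in a different order than the members are declared, and virtual calls made from a constructor), as an added C++ example that is not part of the original thread. `Session`, `Base`, `Derived` and the helper functions are hypothetical names chosen for illustration.

```cpp
// Added illustration; every name here is hypothetical.
#include <string>
#include <vector>

// -Wreorder flags Session's initializer list; silenced so the file builds under -Werror.
#pragma GCC diagnostic ignored "-Wreorder"

static std::vector<std::string> g_log;  // side effects, in the order they really happen

static int next_id(const char* who) {
    g_log.push_back(who);
    return static_cast<int>(g_log.size());
}

struct Session {
    int key_id;    // declared first, so initialized first
    int nonce_id;  // declared second, so initialized second
    // Written as "nonce, then key" but executed as "key, then nonce".
    Session() : nonce_id(next_id("nonce")), key_id(next_id("key")) {}
};

struct Base {
    std::string seen;
    Base() { seen = name(); }  // virtual call in a ctor: dispatches to Base::name()
    virtual ~Base() {}
    virtual std::string name() const { return "Base"; }
};

struct Derived : Base {
    std::string name() const override { return "Derived"; }
};

// Returns the initializer side effects in actual execution order.
std::vector<std::string> init_order() {
    g_log.clear();
    Session s;
    (void)s;
    return g_log;
}

// Returns what the Base constructor observed while a Derived was being built.
std::string ctor_dispatch() {
    Derived d;
    return d.seen;
}

int main() {
    return (init_order()[0] == "key" && ctor_dispatch() == "Base") ? 0 : 1;
}
```

Reordering the initializer list to match the declarations removes the warning but keeps the actual evaluation order, which is the loss of the programmer's apparent intent that the message describes.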