[cfe-dev] fix for Clang PR 8419

Ted Kremenek kremenek at apple.com
Sat Nov 6 11:26:18 PDT 2010


On Nov 4, 2010, at 5:28 PM, Zhanyong Wan (λx.x x) wrote:

> Also, what do you think is the best way to ramp up on the analyzer code base?

I wish there was more documentation as well.  My apologies for that.  It's something we really need to find time to do.

I think the best way to ramp up on the codebase is to pick an example problem (like the one you are exploring) and dig into it.  If you are interested in bringing up support for C++ expressions, the best place to look is the visitation logic in GRExprEngine, which handles the "simulation" of individual expressions.  There are plenty of examples there of how other expressions are handled.

If you are interested in writing checkers, then I'd suggest looking at the Checker and CheckerVisitor interfaces (Checker.h and CheckerVisitor.h).  Almost all the files in libChecker that are named *Checker.cpp implement this interface.  The Checker interface is designed to be minimal and simple for Checker writers, and attempts to isolate them from much of the gore of the internal analysis engine.

There are some useful command line options for debugging.  For example:

$ clang -cc1 -help | grep analyze | <subset that I'm pointing out>
  -analyze-function <value>
  -analyzer-display-progress
  -analyzer-viz-egraph-graphviz

The first allows you to specify only analyzing a specific function.  The second prints to the console what function is being analyzed.  The third generates a graphviz dot file of the ExplodedGraph.  This is extremely useful when debugging the analyzer and viewing the simulation results.

Of course, viewing the CFG is also useful:

$ clang -cc1 -help | grep cfg
  -cfg-add-implicit-dtors Add C++ implicit destructors to CFGs for all analyses
  -cfg-add-initializers   Add C++ initializers to CFGs for all analyses
  -cfg-dump               Display Control-Flow Graphs
  -cfg-view               View Control-Flow Graphs using GraphViz
  -unoptimized-cfg        Generate unoptimized CFGs for all analyses

-cfg-dump dumps a textual representation of the CFG to the console, and -cfg-view creates a GraphViz representation.

And of course, feel free to ask lots of questions!  Many others and I are more than willing to help. Over time, I'd like to add some real developer documents on clang-analyzer.llvm.org.
