[cfe-dev] Clang Analysis of several open source projects.

Douglas Gregor dgregor at apple.com
Mon May 16 13:05:10 PDT 2011


On May 16, 2011, at 9:28 AM, Peter Lawrence wrote:

> Erik,
>       I too have been bothered by the lack of sophistication in static analyzers, my most recent was
> something like this:
> 
> 	int foo ()
> 	{
> 		if (...) {
> 			return x;
> 		} else switch (...) {
> 		case 1: return y;
> 		default: return z;
> 		}
> 	}
> 
> and the compiler complained that the function could run-off-the-end without returning a value!

"The compiler" == GCC, which isn't at all relevant to a discussion of Clang or its static analyzer.

> (the problem was with gcc, I have not tried clang on my code yet, since that would require clang/llvm
> self-hosting, which I am not sure works yet?)

It appears that you have some reading to do. Clang has been self-hosting for more than a year

	http://blog.llvm.org/2010/02/clang-successfully-self-hosts.html

and is considered to be a production-quality compiler on Mac/Linux/FreeBSD. 

Of course, self-hosting wouldn't have been necessary for you to try your 10-line experiment.

> as this email-thread has evolved into a discussion of what is necessarily missed by not doing
> inter-procedural (whole-program) analysis,  I am still confounded by what is not being done that
> could be done with intra-procedural analysis which is very much more doable  (and again, maybe
> clang is already doing better in that department than gcc, but I have not yet done the experiment
> to find out...)

Perhaps you should do the experiment before assuming that all compilers behave in the same manner? Clang has no problems with your example, a fact that you could have verified quite easily.

> 
> so, what I am really trying to say is this:   static analysis (and also dynamic analysis) should be
> implemented by folks that are very familiar with optimization theory, since avoiding false-positives
> is very often necessarily going to rely on some form of iterative-data-flow analysis, which while
> fairly simple conceptually, isn't typically understood well enough by pure "front-end" only folks
> that are traditionally given the task of implementing these analyses.  --- well, perhaps I am over-
> analyzing the situation a bit,  but I do think things could stand some improvement anyway.

Presumably, you realize that your caricature of the developers in this forum is offensive, and that your opinions will carry no weight so long as you are unwilling to spend even a modicum of effort to verify your claims. If you wish to participate in technical discussions here, we expect you to be civil, constructive, and informed. 

	- Doug
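
A small model of the intra-procedural check this thread is about (can control reach the end of `foo` without hitting a `return`), as an added example that is not part of the original message and is not Clang's or GCC's implementation. The class and function names are hypothetical, and loops and `goto` are left out.

```python
from dataclasses import dataclass

# Tiny statement model (hypothetical names; loops and goto are not modeled).
@dataclass
class Return: pass
@dataclass
class Break: pass
@dataclass
class Expr: pass                      # any statement that simply completes
@dataclass
class Block: stmts: list
@dataclass
class If:
    then: object
    orelse: object = None             # None means there is no else branch
@dataclass
class Switch: cases: list             # [(label, Block)], label "default" allowed

def exits(s):
    """Ways control can leave s: subset of {'fall', 'break', 'return'}."""
    if isinstance(s, Return): return {"return"}
    if isinstance(s, Break): return {"break"}
    if isinstance(s, Expr): return {"fall"}
    if isinstance(s, Block):
        out = {"fall"}
        for child in s.stmts:
            if "fall" not in out:     # the rest of the block is unreachable
                break
            out = (out - {"fall"}) | exits(child)
        return out
    if isinstance(s, If):
        other = exits(s.orelse) if s.orelse is not None else {"fall"}
        return exits(s.then) | other
    if isinstance(s, Switch):
        out, last_falls = set(), False
        for _label, body in s.cases:  # every label is a possible entry point
            r = exits(body)
            out |= r - {"fall"}       # 'fall' only runs into the next case
            last_falls = "fall" in r
        has_default = any(label == "default" for label, _ in s.cases)
        leaves = last_falls or not has_default or "break" in out
        return (out - {"break"}) | ({"fall"} if leaves else set())
    raise TypeError(s)

def can_fall_off_end(body):
    return "fall" in exits(body)

def thread_example(cases):
    # The if / else-switch shape quoted in the message, with the given cases.
    return Block([If(Block([Return()]), Switch(cases))])

RET = Block([Return()])
AS_POSTED = thread_example([("1", RET), ("default", RET)])
NO_DEFAULT = thread_example([("1", RET)])
CASE_BREAKS = thread_example([("1", Block([Break()])), ("default", RET)])
```

In this model the function as posted cannot fall off the end, while dropping the `default` label or replacing a `return` with `break` makes the end reachable.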


