[cfe-dev] Clang Analysis of several open source projects.

Tue May 17 12:10:21 PDT 2011

Doug,
            OK, I probably deserved that !  message received...

-Peter Lawrence.

On May 16, 2011, at 1:05 PM, Douglas Gregor wrote:

> On May 16, 2011, at 9:28 AM, Peter Lawrence wrote:
>
>> Erik,
>>       I too have been bothered by the lack of sophistication in  
>> static analyzers, my most recent was
>> something like this:
>>
>> 	int foo ()
>> 	{
>> 		if (...) {
>> 			return x;
>> 		} else switch (...) {
>> 		case 1: return y;
>> 		default: return z;
>> 		}
>> 	}
>>
>> and the compiler complained that the function could run-off-the- 
>> end without returning a value.!.
>
> "The compiler" == GCC, which isn't at all relevant to a discussion  
> of Clang or its static analyzer.
>
>> (the problem was with gcc, I have not tried clang on my code yet,  
>> since that would require clang/llvm
>> self-hosting, which I am not sure works yet ?)
>
> It appears that you have some reading to do. Clang has been self- 
> hosting for more than a year
>
> 	http://blog.llvm.org/2010/02/clang-successfully-self-hosts.html
>
> and is considered to be a production-quality compiler on Mac/Linux/ 
> FreeBSD.
>
> Of course, self-hosting wouldn't have been necessary for you to try  
> your 10-line experiment.
>
>> as this email-thread has evolved into a discussion of what is  
>> necessarily missed by not doing
>> inter-procedural (whole-program) analysis,  I am still confounded  
>> by what is not being done that
>> could be done with intra-procedural analysis which is very much  
>> more doable  (and again, maybe
>> clang is already doing better in that department than gcc, but I  
>> have not yet done the experiment
>> to find out...)
>
> Perhaps you should do the experiment before assuming that all  
> compilers behave in the same manner? Clang has no problems with  
> your example, a fact that you could have verified quite easily.
>
>>
>> so, what I am really trying to say is this:   static analysis (and  
>> also dynamic analysis) should be
>> implemented by folks that are very familiar with optimization  
>> theory, since avoiding false-positives
>> is very often necessarily going to rely on some form of iterative- 
>> data-flow analysis, which while
>> fairly simple conceptually, isn't typically understood well enough  
>> by pure "front-end" only folks
>> that are traditionally given the task of implementing these  
>> analyses.  --- well, perhaps I am over-
>> analyzing the situation a bit,  but I do think things could stand  
>> some improvement anyway.
>
> Presumably, you realize that your caricature of the developers in  
> this forum is offensive, and that your opinions will carry no  
> weight so long as you are unwilling to spend even a modicum of  
> effort to verify your claims. If you wish to participate in  
> technical discussions here, we expect you to be civil,  
> constructive, and informed.
>
> 	- Doug