[cfe-dev] Requirements for production-ready StreamChecker

Aditya Kumar hiraditya at codeaurora.org
Fri Aug 9 13:12:18 PDT 2013 

I started improving the simpleStreamChecker and the video talk on building a
simple stream checker was very helpful.

I have a couple of questions.

1. The function `SimpleStreamChecker::initIdentifierInfo' gets called every
time functions `checkPostCall' and `checkPreCall' are invoked. Is it
necessary?
What I understand is that initIdentifierInfo maps a token with the function
name (e.g. fopen, fclose) into the ASTContext.
So as long as there is one call to initIdentifierInfo during the analysis it
should be okay, right?

2. Should we use BugType::setSuppressOnSink() for all the non-severe bugs?

> -----Original Message-----
> From: Anna Zaks [mailto:ganna at apple.com]
> Sent: Wednesday, August 07, 2013 3:53 PM
> To: Aditya Kumar
> Subject: Re: Requirements for production-ready StreamChecker
> 
> 
> On Aug 7, 2013, at 1:52 PM, Aditya Kumar <hiraditya at codeaurora.org>
> wrote:
> 
> >
> >> The main limitation is that it only handles a very limited set of APIs.
> > Also, we
> >> did not test it much on production code, so you might find more
> >> issues
> > that
> >> need to be addressed before it is turned on.
> >
> > By APIs do you mean the APIs we have in StreamCheckers e.g., Fopen,
> > Tmpfile Fclose etc...
> >
> yes
> > Thanks for the reply.
> > -Aditya
> >
> >> -----Original Message-----
> >> From: Anna Zaks [mailto:ganna at apple.com]
> >> Sent: Wednesday, August 07, 2013 3:00 PM
> >> To: Aditya Kumar
> >> Subject: Re: Requirements for production-ready StreamChecker
> >>
> >> Aditya,
> >>
> >> The main limitation is that it only handles a very limited set of APIs.
> > Also, we
> >> did not test it much on production code, so you might find more
> >> issues
> > that
> >> need to be addressed before it is turned on.
> >>
> >> Also, if you want to work on this checker, I suggest to write a new
> > checker,
> >> starting with this one. The idea is to rip out the experimental
> > StreamChecker
> >> and replace it with a checker based on Simple Stream checker.
> >>
> >> There were other people interested in working on this. You can search
> >> the cfe-dev and cfe-commits lists for more info. Here are some of them:
> >> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-
> >> 20130415/078438.html
> >> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-
> >> 20130610/081436.html
> >>
> >> Cheers,
> >> Anna.
> >>
> >> On Aug 7, 2013, at 11:58 AM, Aditya Kumar <hiraditya at codeaurora.org>
> >> wrote:
> >>
> >>> Hi Anna,
> >>> I listened to the video lecture to learn how to implement checkers,
> >>> and it was very helpful.
> >>> You mention in the list of open projects that 'production-ready
> >>> StreamChecker' is required.
> >>> I would like to know what kind of enhancements would you like to
> >>> have in the current implementation of SimpleStreamChecker.
> >>> I would really appreciate if you can give some pointers so that I
> >>> can work on it.
> >>>
> >>> Thanks,
> >>> -Aditya
> >>>
> >
> >

More information about the cfe-dev mailing list