[cfe-dev] Writing simple checkers for the static analyzer

Rafael Auler rafaelauler at gmail.com
Sun May 25 07:28:08 PDT 2014


Hi Jordan,

Sure, it is attached. Thanks for taking a look at this.

Cheers,
Rafael


On Sun, May 25, 2014 at 4:13 AM, Jordan Rose <jordan_rose at apple.com> wrote:

> Hi, Rafael. From your description, this sounds like a bug in the
> analyzer—two program states with differing user data should not be folded.
> Can you attach your checker so I can take a look and see if there are any
> obvious mistakes? (on your part or ours).
>
> Thanks,
> Jordan
>
> On May 24, 2014, at 22:01 , Rafael Auler <rafaelauler at gmail.com> wrote:
>
> > Hello,
> >
> > I am trying to write a very simple checker for the clang static analyzer
> for the sake of writing a first exercise on this topic. Its goal is to
> simply alert whether a specific function has been called twice in a given
> path. Let's assume the name of this specific function that I am tracking is
> "doNotCallTwice()".
> >
> > In order to record state information, I use the
> REGISTER_TRAIT_WITH_PROGRAMSTATE macro to register an unsigned together
> with the program state. This integer indicates whether the function
> "doNotCallTwice()" has been called in a path and, if it is equal to 1 in a
> node where I detect yet another call, I prepare to report a "double call"
> bug. I use "checkPostCall" for changing the state.
> >
> > However, something strange happens. My extra integer registered in the
> program state is not sufficient to differentiate two ProgramStates with the
> same ProgramPoint: the engine fold the two nodes anyway, ignoring my new
> state information. On the other hand, the information *is* propagated. If I
> use other ways to avoid the nodes being folded, the checker works fine.
> >
> > An example where it does not work:
> >
> > void myfunc (int x, int y) {
> >   if (x)
> >     doNotCallTwice();
> >   if (y)
> >     doNotCallTwice();
> >   doNotCallTwice();
> > }
> >
> > Since programstates get folded in the ExplodedGraph, I never detect any
> path where two calls to doNotCallTwice() happen. However, change the code
> in the following way avoids the folding and make my checker work:
> >
> > void myfunc (int x, int y) {
> >   if (x)
> >     doNotCallTwice();
> >   if (y)
> >     doNotCallTwice();
> >   y = x;  // Now x and y are not dead anymore and this won't be folded
> >   doNotCallTwice();
> > }
> >
> > I based my checker on SimpleStreamChecker.cpp. Am I doing something
> conceptually wrong?
> >
> > Best regards,
> > Rafael
> > _______________________________________________
> > cfe-dev mailing list
> > cfe-dev at cs.uiuc.edu
> > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140525/6c6addd2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: MyChecker.cpp
Type: text/x-c++src
Size: 3847 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140525/6c6addd2/attachment.cpp>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mytest.c
Type: text/x-csrc
Size: 159 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140525/6c6addd2/attachment.c>


More information about the cfe-dev mailing list