[cfe-dev] Implementing a custom analysis in the clang static analyzer
David Gens
david.gens at stud.tu-darmstadt.de
Tue Mar 10 12:50:16 PDT 2015
Hi,
I've been looking for C/C++ static analysis tools lately, particularly
tools capable of data flow analysis and came by clang.
Poking around the docs and examples - the type state example from the
slides was nice :-) - I still can't figure out if the following is
possible:
Say I want to implement a taint analysis for some private helper
method in a library I want to analyze, i.e. I want to know if a
certain parameter of this method can be modified somehow by using only
public API calls. The library is HUGE and the helper method is used in
various places. But only the cases where the user would be able to
modify the parameter and also get hold of the returned result are of
interest. If such a path exists, I want to report it.
What would be the general strategy for implementing an analysis like
this in clang? When implementing a custom checker, do I need to re-compile
clang in order to run my analysis? Is there something like a client
API in clang to hand over my implemented analysis to clang and run
it without re-compilation? In particular, extending clang makes
little sense as this check is really specific to this library.
I apologize if these are stupid questions and I completely missed a
point somewhere!
Kind regards,
David