[cfe-dev] Implementing a custom analysis in the clang static analyzer

[Jan-Patrick Lehr]

Hi David,
I am pretty sure you would want to have a look at 
http://clang.llvm.org/docs/Tooling.html which gives a good starting 
point for the development of clang based tools.

Cheers,
JP

On 10.03.2015 20:50, David Gens wrote:
> Hi,
>
> I've been looking for C/C++ static analysis tools lately, particularly 
> tools capable of data flow analysis and came by clang.
> Poking around the docs and examples - the type state example from the  
> slides was nice :-) - I still can't figure out if the following is 
> possible:
>
> Say I want to implement a taint analysis for some private helper 
> method in a library I want to analyze, i.e. I want to know if a 
> certain parameter of this method can be modified somehow by using only 
> public API calls. The library is HUGE and the helper method is used in 
> various places. But only the cases where the user would be able to 
> modify the parameter and also get hold of the returned result are of 
> interest. If such a path exists, I want to report it.
>
> What would be the general strategy for implementing an analysis like 
> this in clang? Implementing a custom checker do I need to re-compile 
> clang in order to run my analysis? Is there something like a client 
> API in clang to hand over my implemented analysis to clang and running 
> them without re-compilation? In particular extending clang makes 
> little sense as this check is really specific to this library.
>
> I apologize if these are stupid questions and I completely missed a 
> point somewhere!
>
> Kind regards,
> David
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev