[cfe-dev] Cross Translational Unit Analysis in Clang Static Analyzer

Aleksei Sidorin via cfe-dev cfe-dev at lists.llvm.org
Fri Mar 31 09:03:12 PDT 2017


Hello Daniel & Gabor. Thank you very much for your work!

I saw the patch and found it mostly familiar to me. But, unfortunately, 
I cannot find enough time now to review it (my solutions that were 
implemented 2 years ago need some revisiting too).

I can try to do this review incrementally, in small chunks, if you are 
OK with it. But it will still take time. Sorry for this inconvenience.


31.03.2017 18:28, Dániel Krupp via cfe-dev wrote:
>
> Hi All,
>
> at the EuroLLVM’17 conference we presented our results about a new 
> analysis mode in clang static analyzer: Cross Translational Unit analysis.
>
> See patch https://reviews.llvm.org/D30691
>
> which is based on the work of A. Sidorin et al. 
> http://lists.llvm.org/pipermail/cfe-dev/2015-October/045730.html, but 
> without function summaries and updated to the newest Clang.
>
> The CTU mode allows the analyzer to “inline” function calls that are 
> defined in another TU than the one currently analyzed.
>
> So it allows finding bugs that span multiple source files.
>
> Without this patch the static analyzer engine, when it meets an external 
> function call, cannot reason about the return value of a function 
> (unknown) and the pointed values, references passed to a function as 
> parameters are invalidated.
>
> You can find a full patched clang 4.0 (use it with llvm commit 
> 01609a325b5f85d88e3ab5c7d470409092436cb2 )
>
> https://github.com/dkrupp/clang/tree/ctu-master
>
> We have run the analysis on some reasonably-sized (ffmpeg, curl, vim, 
> openssl, postgresql) open source C projects and found many additional 
> true positive reports compared to the traditional single TU mode in 
> all projects.
>
> This indicates that this feature would give many new results on any 
> project.
>
> We measured the heap usage, the analysis time and the number of new 
> findings.
>
> You can find the detailed comparison results here:
>
> http://cc.elte.hu/clang-ctu/
>
> In summary, the number of reported bugs is ~1.5-5x the original 
> single TU analysis, at the cost of 1.5-5x higher analysis time, 1.5-5x 
> max heap usage (roughly in proportion to the increase in the number of 
> reported faults).
>
> The design concept is described briefly in this document: 
> http://cc.elte.hu/clang-ctu/eurollvm17/abstract.pdf
>
> If you would like to try this analysis mode on your project please 
> find the description of the 2 new additional analyzer scripts here:
>
> https://github.com/dkrupp/clang/blob/ctu-master/tools/xtu-build-new/readme.md
>
> Would be happy to hear your opinion and experiences with this feature 
> and would appreciate your help in reviewing the patch.
>
> Thanks & Regards,
>
> Daniel
>


-- 
Best regards,
Aleksei Sidorin,
SRR, Samsung Electronics
