[cfe-dev] Cross Translational Unit Analysis in Clang Static Analyzer
Aleksei Sidorin via cfe-dev
cfe-dev at lists.llvm.org
Fri Mar 31 09:03:12 PDT 2017
Hello Daniel & Gabor. Thank you very much for your work!
I saw the patch and found it mostly familiar to me. But, unfortunately,
I cannot find enough time now to review it (my solutions that were
implemented 2 years ago need some revisiting too).
I can try to do this review incrementally, in small chunks, if you are
OK with it. But it will still take time. Sorry for the inconvenience.
31.03.2017 18:28, Dániel Krupp via cfe-dev wrote:
>
> Hi All,
>
> at the EuroLLVM’17 conference we presented our results about a new
> analysis mode in clang static analyzer: Cross Translational Unit analysis.
>
> See patch https://reviews.llvm.org/D30691
>
> which is based on the work of A. Sidorin et al.
> http://lists.llvm.org/pipermail/cfe-dev/2015-October/045730.html, but
> without function summaries and updated to the newest Clang.
>
> The CTU mode allows the analyzer to “inline” function calls that are
> defined in another TU than the one currently analyzed.
>
> So it allows finding bugs that span multiple source files.
>
> Without this patch the static analyzer engine, when it meets an external
> function call, cannot reason about the return value of a function
> (unknown), and the pointed-to values and references passed to a function
> as parameters are invalidated.
>
> You can find a full patched clang 4.0 (use it with llvm commit
> 01609a325b5f85d88e3ab5c7d470409092436cb2 )
>
> https://github.com/dkrupp/clang/tree/ctu-master
>
> We have run the analysis on some reasonably-sized (ffmpeg, curl, vim,
> openssl, postgresql) open source C projects and found many additional
> true positive reports compared to the traditional single TU mode in
> all projects.
>
> This indicates that this feature would give many new results on any
> project.
>
> We measured the heap usage, the analysis time and the number of new
> findings.
>
> You can find the detailed comparison results here:
>
> http://cc.elte.hu/clang-ctu/
>
> In summary, the number of reported bugs is ~1.5-5x the original
> single TU analysis, at the cost of 1.5-5x higher analysis time, 1.5-5x
> max heap usage (roughly in proportion to the increase in the number of
> reported faults).
>
> The design concept is described briefly in this document:
> http://cc.elte.hu/clang-ctu/eurollvm17/abstract.pdf
>
> If you would like to try this analysis mode on your project please
> find the description of the 2 new additional analyzer scripts here:
>
> https://github.com/dkrupp/clang/blob/ctu-master/tools/xtu-build-new/readme.md
>
> Would be happy to hear your opinion and experiences with this feature
> and would appreciate your help in reviewing the patch.
>
> Thanks & Regards,
>
> Daniel
--
Best regards,
Aleksei Sidorin,
SRR, Samsung Electronics
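
An added illustration, not part of the original messages or of the patch under review: the two single-TU limitations named in the quoted announcement (unknown return value, invalidated pointed-to values) as a constructed C example. The file names and functions are hypothetical, and the two translation units are shown in one listing so it compiles as a single file; split it at the markers to get the cross-TU layout.

```c
/* Constructed example: two translation units shown in one listing.
   Split at the markers to reproduce the cross-TU situation. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ---------- lib.c (hypothetical "other" TU) ---------- */
static int table[] = {10, 20, 30};

/* Returns NULL for an out-of-range index. */
int *find_slot(size_t idx) {
    return idx < sizeof table / sizeof table[0] ? &table[idx] : NULL;
}

/* Leaves *divisor untouched when the mode is not recognised. */
void load_divisor(const char *mode, int *divisor) {
    if (strcmp(mode, "fast") == 0) *divisor = 2;
    else if (strcmp(mode, "slow") == 0) *divisor = 4;
}

/* ---------- main.c (hypothetical TU being analyzed) ---------- */
int *find_slot(size_t idx);
void load_divisor(const char *mode, int *divisor);

/* Case 1, return value: seen from main.c alone, the result of
   find_slot() is unknown, so the NULL path is not modeled. */
int read_slot(size_t idx) {
    int *p = find_slot(idx);
    return *p;                /* null dereference when idx >= 3 */
}

/* Case 2, invalidation: passing &divisor to an external call
   discards the fact that it was initialised to 0. */
int scale(const char *mode, int value) {
    int divisor = 0;
    load_divisor(mode, &divisor);
    return value / divisor;   /* division by zero for an unknown mode */
}

int main(void) {
    /* Only the well-defined paths are exercised at run time. */
    printf("%d\n", read_slot(1));
    printf("%d\n", scale("fast", 10));
    return 0;
}
```

Both defects sit on paths that only become visible once the definitions in lib.c are available while main.c is analyzed; the corresponding fixes are a NULL check in `read_slot` and a zero check on `divisor` in `scale`.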