[cfe-dev] path traversal on ExplodedGraph of clang static analyzer
Kihong Heo via cfe-dev
cfe-dev at lists.llvm.org
Thu Feb 22 21:52:25 PST 2018
Hi all,
I implemented a simple checker on the static analysis framework.
However, I don’t quite understand how the underlying analyzer behave, especially
it traverses in a strange way on ExplodedGraph.
In checkEndAnalysis, my program just visits (DFS) and prints source code locations.
Here is an example:
1 int main(int argc, char** argv){
2 if(argc>10){
3 int x = 1;
4 int y = 2;
5 int z = 3;
6 }
7
8 int a = 1;
9 int b = 2;
10 return 0;
11 }
The output is sequences of line numbers. I have two paths here.
[2-8-9-5-8-9] and [2-8-9]
The latter one makes sense but why does it produce the first one? line 9 to 5?
Is there any document for the internal behavior of Clang Static Analyzer?
Thanks,
Kihong
More information about the cfe-dev
mailing list