[cfe-dev] path traversal on ExplodedGraph of clang static analyzer

Kihong Heo via cfe-dev cfe-dev at lists.llvm.org
Thu Feb 22 21:52:25 PST 2018


Hi all,

I implemented a simple checker on the static analysis framework.
However, I don’t quite understand how the underlying analyzer behaves, especially
as it traverses the ExplodedGraph in a strange way.

In checkEndAnalysis, my program just visits (DFS) and prints source code locations.
Here is an example:

     1  int main(int argc, char** argv){
     2    if(argc>10){
     3      int x = 1;
     4      int y = 2;
     5      int z = 3;
     6    }
     7
     8    int a = 1;
     9    int b = 2;
    10    return 0;
    11  }

The output is sequences of line numbers. I have two paths here.
[2-8-9-5-8-9] and [2-8-9]
The latter one makes sense, but why does it produce the first one? Line 9 to 5?

Is there any document for the internal behavior of Clang Static Analyzer?

Thanks,
Kihong

