[cfe-dev] [GSoC 2019] Apply the Clang Static Analyzer to LLVM-based projects - final report

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Tue Aug 27 18:56:46 PDT 2019


+Simon because he has enthusiastically looked at the state of things 
just before we started: 
http://lists.llvm.org/pipermail/llvm-dev/2019-May/132196.html

Also +Devin.

Also, Simon: do you know how https://llvm.org/reports/scan-build/ 
usually gets updated? It doesn't seem to be in the www repo and it's now 
super outdated, given the amount of change that Csaba unleashed upon us 
this summer.

I suggest that from now on we pay more attention to these reports, 
because even though there are still a lot of them, and still definitely 
not all of them constitute real crashes, they make *much* more sense 
today than they used to some three months ago. Almost all warnings are 
actionable and promote better, safer code.

I just spent 2-3 hours cleaning up ~20 warnings on the static analyzer 
itself, which included writing a test for one real crash that i found 
that way (and attempting to do the same for a few more potential 
crashes). The results are in https://reviews.llvm.org/D66847. My 
(heavily biased) opinion is that it was worth every minute and i 
basically encourage everybody to try this out again.


On 8/26/19 10:23 AM, Csaba Dabis wrote:
> Hey everyone!
>
> This Summer we managed to make the Clang Static Analyzer support the
> LLVM and LLVM-based projects with my mentors Artem Dergachev and
> Gabor Horvath.
>
> For more detailed documentation, please visit my final report:
> https://docs.google.com/document/d/1o9-xEWbzivUGKIOXp9jUNZYq0mkecd5KH5dBN5Hdlu8/
>
> The project in a nutshell: I have fixed the most annoying false
> positives and added support for the custom RTTI of LLVM which became a
> huge true positive boost as we now emit warnings on misuse of LLVM
> casting APIs. All of my patches (except one D65239) are upstreamed and
> on by default. The remaining work is to fix the less annoying and not
> so common false positives.



