[cfe-dev] Need help in implementing custom static analysis

Pierre Graux via cfe-dev cfe-dev at lists.llvm.org
Sat Nov 23 05:51:43 PST 2019


Hello, 

I am new to clang development and I would like to have your 
opinion on how I can do a specific task. 

I want to add a static analysis to the compilation of the C++ part of 
Android applications (clang is the default compiler). 

During this analysis I want to locate the calls of specific functions 
and then determine the type of the right value of the last 
assignment of their arguments. 

For example, if I track functions f1 and f2 in the following snippet: 
" 
unsigned long x1 = 0; 
unsigned int x2 = 0; 
unsigned char x3 = 0; 

x1 = malloc(...); 
x2 = 42; 
x3 = 'x'; 
x2 = x3; 

f1(x1); 
f2(x2); 
" 
The analysis should return "f1, void*" and "f2, unsigned char". 

Ideally, this analysis should generate a warning during the 
compilation process (depending on other conditions not mentioned 
here). However, if it is an external tool it is fully acceptable. 

I don't know if this kind of analysis is already present in clang but 
I think that it will be easier to implement it over the CFG of llvm IR 
than over the clang AST. 

I have looked at clang and llvm documentation but the different 
methods that I have seen do not seem to fulfill my requirements: 
- libclang or clang plugin: it seems that I can only access the AST. 
- llvm pass: I won't be able to generate a warning. 

Do you have any advice about which interface I should use? Do you know 
any project/tool that could be a good example and inspire me? 

Thank you very much, 

Pierre GRAUX 
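
The analysis described in the message above, as an added example that is not part of the original post and is not Clang or LLVM code: a forward dataflow over a small CFG that records, for each tracked call, the type of the right-hand side of every assignment that can reach its argument. It goes beyond the straight-line snippet by handling branches. The mini-IR (Stmt, Block), the function names and the hand-written RHS types are assumptions; a real tool would take them from the compiler front end.

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Hypothetical mini-IR for illustration; these are not Clang or LLVM types.
struct Stmt {
    enum Kind { Assign, Call } kind;
    std::string target;   // Assign: variable written; Call: function called
    std::string operand;  // Assign: type of the RHS expression; Call: argument variable
};
struct Block { std::vector<Stmt> stmts; std::vector<int> preds; };  // preds: CFG predecessors
using TypeSets = std::map<std::string, std::set<std::string>>;

// Tracked function -> RHS types of the assignments reaching its argument (union at joins).
TypeSets analyze(const std::vector<Block>& cfg, const std::set<std::string>& tracked) {
    std::vector<TypeSets> out(cfg.size());  // per block: variable -> reaching RHS types
    TypeSets report;                        // tracked function -> argument RHS types
    for (bool changed = true; changed;) {
        changed = false;
        for (std::size_t b = 0; b < cfg.size(); ++b) {
            TypeSets s;
            for (int p : cfg[b].preds)
                for (const auto& kv : out[p]) s[kv.first].insert(kv.second.begin(), kv.second.end());
            for (const Stmt& st : cfg[b].stmts) {
                if (st.kind == Stmt::Assign)
                    s[st.target] = {st.operand};  // a new assignment kills older ones
                else if (tracked.count(st.target) && s.count(st.operand))
                    report[st.target].insert(s[st.operand].begin(), s[st.operand].end());
            }
            if (s != out[b]) { out[b] = s; changed = true; }
        }
    }
    return report;
}

// Constructed input: the snippet from the post as a single basic block.
std::vector<Block> post_snippet() {
    return {Block{{{Stmt::Assign, "x1", "int"}, {Stmt::Assign, "x2", "int"}, {Stmt::Assign, "x3", "int"},
                   {Stmt::Assign, "x1", "void*"}, {Stmt::Assign, "x2", "int"}, {Stmt::Assign, "x3", "char"},
                   {Stmt::Assign, "x2", "unsigned char"}, {Stmt::Call, "f1", "x1"}, {Stmt::Call, "f2", "x2"}}, {}}};
}

// Constructed input: x is reassigned on only one branch before the tracked call.
std::vector<Block> branch_example() {
    return {Block{{{Stmt::Assign, "x", "int"}}, {}},      // 0: entry
            Block{{{Stmt::Assign, "x", "void*"}}, {0}},   // 1: taken branch
            Block{{{Stmt::Call, "f1", "x"}}, {0, 1}}};    // 2: join of blocks 0 and 1
}
```

On the post's snippet this yields f1 -> {void*} and f2 -> {unsigned char}; on the branch input the call at the join reports both int and void*.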