[cfe-dev] [analyzer] How to analyze the code after an indefinite loop?

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Tue Jul 28 12:34:11 PDT 2020


Here's how you can find this out with the help of ExprInspection:


$ cat test.c

int f(int x, int flag)
{
   int i = 0;
   while(i < x)
     i++;

   clang_analyzer_warnIfReached();
}


$ clang --analyze -Xclang -analyzer-checker=debug.ExprInspection test.c

test.c:7:3: warning: REACHABLE [debug.ExprInspection]
   clang_analyzer_warnIfReached();
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.


Here's a slightly more interesting experiment:


$ cat test.c

int f(int x, int flag)
{
   int i = 0;
   while(i < x)
     i++;

   if (flag) {
     clang_analyzer_warnIfReached();
     clang_analyzer_numTimesReached();
     return i;
   } else {
     clang_analyzer_warnIfReached();
     clang_analyzer_numTimesReached();
     return 0;
   }
}


$ clang --analyze -Xclang -analyzer-checker=debug.ExprInspection test.c

test.c:8:5: warning: REACHABLE [debug.ExprInspection]
     clang_analyzer_warnIfReached();
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:9:5: warning: 4 [debug.ExprInspection]
     clang_analyzer_numTimesReached();
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:12:5: warning: REACHABLE [debug.ExprInspection]
     clang_analyzer_warnIfReached();
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
test.c:13:5: warning: 1 [debug.ExprInspection]
     clang_analyzer_numTimesReached();
     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4 warnings generated.


Will you be able to figure out why one branch is reached 4 times while 
the other branch is reached only once? You can find all your answers in 
the exploded graph dump.


On 7/28/20 5:59 AM, Denis Petrov via cfe-dev wrote:
>
> Hi, community!
>
>
> A quick question.
>
>
> Is CSA Core able to analyze the code after some indefinite loop?
>
> E.g.
>
> void f(int x)
> {
>   int i = 0;
>   while(i < x)
>     i++;
>   // Interested in some code here!!
> }
>
>
> I found that Exploded graph grows going through the loop 4 times and 
> then stops to analyze the code further.
>
> P.S. I know about -analyzer-max-loop(4).
>
> ------------------------------------------------------------------------
> *Denys Petrov*
> Senior С++ Developer | Kharkiv, Ukraine
