[cfe-dev] Implementing Path Sensitive CallLogging with StaticAnalyzer?
Zhang via cfe-dev
cfe-dev at lists.llvm.org
Thu Dec 9 22:59:50 PST 2021
Hi:
I'm trying to implement a custom tool that does Path-Sensitive analysis on a c source code, and lists all calls to a specific C function in the order they'll be called, rooting from main.
For such calls found in a loop, we require the loop to be statically reducible and warns the user if this is not the case.
What I've tried so far is to use REGISTER_LIST_WITH_PROGRAMSTATE to create a list of CallExprs, and add the state in checkPreCall, as demonstrated below:
```
void checkPreCall(const CallEvent &msg, CheckerContext &C) const {
if (isa<SimpleFunctionCall>(msg)) {
// Check Callee is the C function needed
const SimpleFunctionCall &sfc = cast<SimpleFunctionCall>(msg);
C.addTransition(C.getState()->add<CallList>(sfc.getOriginExpr()));
}
}
```
Then, in checkEndAnalysis, iterate ExplodedGraph's eops.
My question is:
- How do I limit the path being explored to start and end in main() ?
- How do I detect the function is being called in a irreducible loop?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20211210/f8496e9d/attachment.html>
More information about the cfe-dev
mailing list