How to change the Clang Static Analyzer checking way

How to change the Clang Static Analyzer checking way

Renato Golin via cfe-dev
Hi, Dear cfe-dev,

We are very interested in the Clang Static Analyzer. I'm planning to implement the following ways of checking for my projects:

(1) When there are two identical defects in the same function, we hope to find and report them all, for example, if there are two divide-by-zero errors:

int main() {
    int n = 0;
    int a = 10;
    a = a/n;    // Clang Static Analyzer will report a div-by-zero bug here and will stop checking the following code.
    a = 10/n;   // I hope to report this div-by-zero bug also; how can I do that?
}

(2) I hope to continue and complete the static analysis even if the source code has compilation errors. How can I deal with this?

Regards,



_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

Re: How to change the Clang Static Analyzer checking way

Renato Golin via cfe-dev
Hi,

When there is a fatal error found in the code there is no way to meaningfully update the analysis state and continue the analysis. This implies once the analyzer finds a fatal error on a path the analysis will stop there and no additional bugs will be reported from that path. This is by design and the alternatives we have would introduce additional false positives.

If you have compilation errors, you do not have a complete representation of the code in Clang. The static analyzer does not support the analysis of incomplete ASTs. Running the analyzer on an incomplete AST would result in spurious warnings and a bad user experience.

Cheers,
Gabor

Re: How to change the Clang Static Analyzer checking way

Renato Golin via cfe-dev
Hi, 
Thanks for your answer, Gabor. I understand what you are saying. In my situation, it is acceptable to have some false positives. Most importantly, reporting as many bugs as possible in one analysis run would be much more efficient for a quick development-testing cycle, such as in a CI environment. So, I want to hack it to make some changes based on the standard Clang Static Analyzer. I'm reading the source code now, but I need some guidance on where I should start the work.

Regards,
 

 
Re: How to change the Clang Static Analyzer checking way

Renato Golin via cfe-dev
If you want a quick hack, you may want to take a look at CheckerContext::generateErrorNode, and redirect it to CheckerContext::generateNonFatalErrorNode. Though who knows what mighty demons that will unleash :)

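A toy model of the fatal (sink) versus non-fatal behaviour discussed in this thread, added here as an illustration; it is not Clang's code and not written by any poster. All names in it (`Val`, `Div`, `State`, `Mode`, `eval`, `analyzePath`, `demo`) are hypothetical, and the statements modelled are lines 4 and 5 of the function in the original post.

```cpp
#include <cctype>
#include <cstdlib>
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Toy model only: none of these types are Clang's.
struct Val { bool known; int v; };                    // value tracked on the path
struct Div { int line; std::string dst, lhs, rhs; };  // dst = lhs / rhs
typedef std::map<std::string, Val> State;
enum Mode { FatalSink, NonFatal };

// An operand is either an integer literal or a variable name.
static Val eval(const State& st, const std::string& op) {
    if (std::isdigit(static_cast<unsigned char>(op[0])))
        return Val{true, std::atoi(op.c_str())};
    State::const_iterator it = st.find(op);
    return it == st.end() ? Val{false, 0} : it->second;
}

// Walk one path; return the lines where a division by a known zero is reported.
std::vector<int> analyzePath(State st, const std::vector<Div>& body, Mode mode) {
    std::vector<int> reports;
    for (const Div& s : body) {
        Val l = eval(st, s.lhs), r = eval(st, s.rhs);
        if (r.known && r.v == 0) {
            reports.push_back(s.line);
            if (mode == FatalSink) return reports;  // sink: the path ends here
            st[s.dst] = Val{false, 0};  // non-fatal: no meaningful result, so
            continue;                   // dst becomes unknown and the walk goes on
        }
        st[s.dst] = (l.known && r.known) ? Val{true, l.v / r.v} : Val{false, 0};
    }
    return reports;
}

// The function from the original post: n = 0; a = 10; a = a/n; a = 10/n;
std::vector<int> demo(Mode mode) {
    State st;
    st["n"] = Val{true, 0};
    st["a"] = Val{true, 10};
    std::vector<Div> body = { {4, "a", "a", "n"}, {5, "a", "10", "n"} };
    return analyzePath(st, body, mode);
}

int main() {
    std::cout << "fatal: " << demo(FatalSink).size() << " report(s), "
              << "non-fatal: " << demo(NonFatal).size() << " report(s)\n";
}
```

In non-fatal mode everything after the first report is code that cannot execute at run time on that path, which is where the additional false positives mentioned earlier in the thread come from.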

Re: How to change the Clang Static Analyzer checking way

Renato Golin via cfe-dev
Yes, I tried it, and it works :) And I haven't seen the unleashed demons yet...

Regards, 
 

 