query: using clang for static anlalysis

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

query: using clang for static anlalysis

Yadavendra Yadav
Hi,

 Am writing to you to check the applicability of Clang as a frontend to our static analysis engine.

 Our engine simulates runtime behavior of C/C++ programs statically; it typically requires the exact intended semantics to be captured as part of the AST. However, sometimes, we may live with incomplete simulation of semantics in corner cases.

 The input to our engine is millions of lines of mature, production quality code, sometimes highly legacy too; we cannot modify them for the analysis; these sources would span multiple dialects & are compilable by one of the several compilers (and versions thereof) that exist today

 We do not have the luxury of terminating the analysis due to parser failure; we do have the ability to live with incomplete information in corner cases though. All the above essentially means that we need a permissive parser that works out of the box for all the common dialects (like g++, msvc++, etc.) and almost works fine for the non-so-popular dialects.

 We could contribute back testcases, and perhaps other hacks as we create them

 Our software runs on Linux

 Please let us know if Clang would be applicable to us. Also, if you have any useful pointers in this regard, kindly share the same.

 Thanks,
 Yadavendra Yadav
_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: query: using clang for static anlalysis

Eli Friedman
On Mon, May 10, 2010 at 1:15 AM, Yadavendra Yadav <[hidden email]> wrote:
> Hi,
>
>  Am writing to you to check the applicability of Clang as a frontend to our
> static analysis engine.

clang is definitely usable for static analysis; in fact, a static
analyzer already exists.  See http://clang-analyzer.llvm.org/ .  KLEE
(http://klee.llvm.org/) might also be of interest.

>  Our engine simulates runtime behavior of C/C++ programs statically; it
> typically requires the exact intended semantics to be captured as part of
> the AST. However, sometimes, we may live with incomplete simulation of
> semantics in corner cases.
>
>  The input to our engine is millions of lines of mature, production quality
> code, sometimes highly legacy too; we cannot modify them for the analysis;
> these sources would span multiple dialects & are compilable by one of the
> several compilers (and versions thereof) that exist today
>
>  We do not have the luxury of terminating the analysis due to parser
> failure; we do have the ability to live with incomplete information in
> corner cases though. All the above essentially means that we need a
> permissive parser that works out of the box for all the common dialects
> (like g++, msvc++, etc.) and almost works fine for the non-so-popular
> dialects.

clang has good compatibility with g++, incomplete compatibility with
msvc++.  The best answer here is to try compiling some of the
codebases in question with clang.  It might be possible to do static
analysis even if there are errors; clang does construct an AST even in
the presence of errors.  How well that would work would probably
depend on the sorts of errors you run into; some "errors" (which are
really warnings at error severity) can be ignored, while others
indicate the AST will be incomplete.  You'll have a much easier time
if you allow making minor modifications to the code being analyzed,
especially if you need an accurate AST.

>  We could contribute back testcases, and perhaps other hacks as we create
> them

clang is under active active development; testcases are always welcome.

>  Our software runs on Linux

clang's Linux support is mature.

>  Please let us know if Clang would be applicable to us. Also, if you have
> any useful pointers in this regard, kindly share the same.

Good luck with your project.

-Eli

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev