[analyzer] Cross-function and cross TU CFG analysis


Does Clang Static Analyzer/Clang Tidy support cross function and cross
translation unit CFG analysis?

Cross TU means I have a function `foo` in one TU; `foo` calls `bar'
which is defined in another TU.

Cross function means I have a function `foo` which calls `bar` function.
And I want to analyze 'bar' CFG with some information from 'foo' CFG.

Thank you.

Hmm, i’m not aware of any of these. All of our libAnalysis analyses are intra-procedural, as far as i’m aware of.

Technically, it’s as easy as any other cross-function analysis - you have access to all CFGs within the current translation unit, so you have all the information you’ll ever need and you can be as stateful as you want when it comes to analyzing CFGs within the same translation unit, and it becomes more annoying across translation units. Theoretically, however, a good and generic-enough interprocedural data flow analysis technique is pretty hard to come up with.

We should eventually come up with such analyses when we start to tackle the idea of summary-based analysis for the Static Analyzer: function summaries should rather be CFG/data-flow/must-problem-based than symbolic-execution-based in order to get around the variety of issues collectively known under the name of “the inlined defensive checks problem”.