Clang Analysis of several open source projects.

Clang Frontend
1

Erik,
I too have been bothered by the lack of sophistication in static analyzers, my most recent was
something like this:

int foo ()
{
if (…) {
return x;
} else switch (…) {
case 1: return y;
default: return z;
}
}

and the compiler complained that the function could run-off-the-end without returning a value.!.

(the problem was with gcc, I have not tried clang on my code yet, since that would require clang/llvm
self-hosting, which I am not sure works yet ?)

as this email-thread has evolved into a discussion of what is necessarily missed by not doing
inter-procedural (whole-program) analysis, I am still confounded by what is not being done that
could be done with intra-procedural analysis which is very much more doable (and again, maybe
clang is already doing better in that department than gcc, but I have not yet done the experiment
to find out…)

so, what I am really trying to say is this: static analysis (and also dynamic analysis) should be
implemented by folks that are very familiar with optimization theory, since avoiding false-positives
is very often necessarily going to rely on some form of iterative-data-flow analysis, which while
fairly simple conceptually, isn’t typically understood well enough by pure “front-end” only folks
that are traditionally given the task of implementing these analyses. — well, perhaps I am over-
analyzing the situation a bit, but I do think things could stand some improvement anyway.

just my $0.02, your milage may vary…

-Peter Lawrence.

2

This has been working since ~March 2010.

3

Erik,
      I too have been bothered by the lack of sophistication in static analyzers, my most recent was
something like this:

  int foo ()
  {
    if (...) {
      return x;
    } else switch (...) {
    case 1: return y;
    default: return z;
    }
  }

and the compiler complained that the function could run-off-the-end without returning a value.!.

"The compiler" == GCC, which isn't at all relevant to a discussion of Clang or its static analyzer.

(the problem was with gcc, I have not tried clang on my code yet, since that would require clang/llvm
self-hosting, which I am not sure works yet ?)

It appears that you have some reading to do. Clang has been self-hosting for more than a year

  Clang Successfully Self-Hosts! - The LLVM Project Blog

and is considered to be a production-quality compiler on Mac/Linux/FreeBSD.

Of course, self-hosting wouldn't have been necessary for you to try your 10-line experiment.

as this email-thread has evolved into a discussion of what is necessarily missed by not doing
inter-procedural (whole-program) analysis, I am still confounded by what is not being done that
could be done with intra-procedural analysis which is very much more doable (and again, maybe
clang is already doing better in that department than gcc, but I have not yet done the experiment
to find out...)

Perhaps you should do the experiment before assuming that all compilers behave in the same manner? Clang has no problems with your example, a fact that you could have verified quite easily.

so, what I am really trying to say is this: static analysis (and also dynamic analysis) should be
implemented by folks that are very familiar with optimization theory, since avoiding false-positives
is very often necessarily going to rely on some form of iterative-data-flow analysis, which while
fairly simple conceptually, isn't typically understood well enough by pure "front-end" only folks
that are traditionally given the task of implementing these analyses. --- well, perhaps I am over-
analyzing the situation a bit, but I do think things could stand some improvement anyway.

Presumably, you realize that your caricature of the developers in this forum is offensive, and that your opinions will carry no weight so long as you are unwilling to spend even a modicum of effort to verify your claims. If you wish to participate in technical discussions here, we expect you to be civil, constructive, and informed.

  - Doug

4

Doug,
            OK, I probably deserved that ! message received...

-Peter Lawrence.