[GSoC 2016] Capture Tracking - False Positives

Hello Anna,

I've been looking into compiling a list of all of the false positives
in the current Capture Tracking Analysis, but I'm having a bit of
trouble getting my head around it all. I feel like I understand it at a
theoretical level but jumping into the implementation is quite
daunting.

I would appreciate any advice you could give to point me in the right
direction.

Many thanks,
Scott

Scott,

I think trying to get the list of *all* possible false positives in the capture tracking analysis will be a hard problem. Perhaps start with a couple and go through the implementation process.

You could start with trying to see which optimizations use the capture tracking calls PointerMayBeCaptured and PointerMayBeCapturedBefore (the flow insensitive version is used more often).

Then instrument the PointerMayBeCaptured code for the cases they return true. Run small/large code through these optimizations which call capture tracking and see if what’s returned as captured is actually captured.
This would give you some ideas on what’s being marked as captured, and a more concrete meaning for captured.

You can also query through phabricator to get a sense of existing false positives in capture tracking that have already been found and fixed. Example:
http://reviews.llvm.org/rL89421

Hope this helps.
Anna

Anna,

Thank you for this, I've been giving this a look over and will continue
to do so.

Many thanks,
Scott