How to get started in C++ analysis support

Hi clang,

The C++ analysis support is a WIP and I want to contribute to it, but I don’t know the current state of C++ analysis support and where to get started.

Maybe I can try to fix some crashes at first?

And where can I get some small C++ codebases (such as Crypto++)?

Hi Lei,

There are a variety of ways to get started. Roughly I can see the tasks broken down into three areas:

(1) Fix crashes/bugs in current C++ analysis functionality already supported.

(2) Add support for C++ expressions/etc. not currently handled by the analyzer.

(3) Large infrastructural changes, e.g., basic interprocedural analysis (to better handle things like RAII).

I would suggest starting with (1) or (2).

For (1), there are already some existing Bugzillas for specific issues. It’s not easy to get a query of all of them, and that’s something we should fix. You can also just run the analyzer over a bunch of C++ code and see what comes out. Identifying false positives, false negatives, and crashes are all useful. Even just filing bug reports with reduced test cases is immensely useful.

For (2), a good place to look is in ExprEngine::Visit():

    switch (S->getStmtClass()) {
      // C++ and ARC stuff we don't support yet.
      case Expr::ObjCIndirectCopyRestoreExprClass:
      case Stmt::CXXBindTemporaryExprClass:
      case Stmt::CXXCatchStmtClass:
      case Stmt::CXXDependentScopeMemberExprClass:
      case Stmt::CXXForRangeStmtClass:
      case Stmt::CXXPseudoDestructorExprClass:
      case Stmt::CXXTemporaryObjectExprClass:
      case Stmt::CXXThrowExprClass:
      case Stmt::CXXTryStmtClass:
      case Stmt::CXXTypeidExprClass:
      case Stmt::CXXUuidofExprClass:
      case Stmt::CXXUnresolvedConstructExprClass:

Gradually chipping away at this list directly expands the amount of C++ code the analyzer can handle.

Another option is to work on more C++-specific checkers.
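
A small test input for items (1) and (2), added here as an example; it is not part of the thread or of the Clang tree. Each function uses one construct from the list in `ExprEngine::Visit()`, and all names in it (`Guard`, `sum_range`, and so on) are made up for illustration.

```cpp
// Constructed analyzer test input. The AST class named above each function
// is the node Clang builds for the construct that function contains.
#include <typeinfo>
#include <vector>

struct Guard {  // non-trivial destructor: its temporaries get CXXBindTemporaryExpr
  int *slot;
  Guard(int *s, int v) : slot(s) { *slot = v; }
  ~Guard() { *slot = 0; }
  int value() const { return *slot; }
};
struct Base { virtual ~Base() {} };
struct Derived : Base {};
typedef int Int;

// CXXForRangeStmt
int sum_range(const std::vector<int> &v) {
  int total = 0;
  for (int x : v) total += x;
  return total;
}

// CXXTryStmt, CXXCatchStmt, CXXThrowExpr
int checked_div(int a, int b) {
  try {
    if (b == 0) throw -1;
    return a / b;
  } catch (int code) {
    return code;
  }
}

// CXXTemporaryObjectExpr wrapped in CXXBindTemporaryExpr: the temporary is
// destroyed at the end of the full-expression, so *slot is 0 after the call.
int temp_value(int *slot) { return Guard(slot, 7).value(); }

// CXXTypeidExpr (polymorphic operand, so it is evaluated at run time)
bool is_derived(const Base &b) { return typeid(b) == typeid(Derived); }

// CXXPseudoDestructorExpr: destructor syntax applied to a scalar type
void pseudo_dtor(Int *p) { p->~Int(); }

int main() {
  int slot = 5, scratch = 0;
  std::vector<int> v(3, 2);
  pseudo_dtor(&scratch);
  Derived d;
  return (sum_range(v) == 6 && checked_div(1, 0) == -1 &&
          temp_value(&slot) == 7 && slot == 0 && is_derived(d)) ? 0 : 1;
}
```

Run it through `clang --analyze`, and use `clang -Xclang -ast-dump -fsyntax-only` to confirm which node classes each function produces before reducing a crash or false positive to a single function.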