Inter-procedural analysis in Clang


I’d like to perform static analysis using Clang. I took a look at the GRCoreEngine class, which seems like the place to go for this, but I see that it performs intra-procedural analysis only.

Can I perform an inter-procedural analysis in Clang? Would I need to adjust GRCoreEngine for that?

Also, if anyone can point me to a tutorial on Clang-based analysis, I would be ever so grateful.


Hi Nimrod,

Inter-procedural analysis is a feature we are working on in GRExprEngine/GRCoreEngine, but is not yet mature (and we have a long way to go). Currently there is some support for doing inter-procedural analysis via function call inlining, but this isn’t really going to be highly scalable. One possible direction is to support general inter-procedural analysis via function summaries, but that work hasn’t commenced yet. We also don’t have the infrastructure in place yet to do analysis across translation units, since the analyzer is invoked (in isolation) on each separate source file.

I see, thanks for the update. Good chance my thesis will be using the engine, so I’ll be able to contribute.