Newbie question

10+ years ago I wrote a whole slew of static analysis checks for Java including some code duplication checking, complexity metrics, etc.

I'm looking to port some or all of them to clang — for now specifically to check Objective-C code but there's no reason they couldn't be used for more than that.

I've successfully managed to get a skeleton checker compiled in and run but I'm now largely stumped.

My specific question to get me over the first hurdle is how do I get callbacks when visiting a function/method declaration?

Sorry if this has all been asked before.

Simon

Simon,

Are you writing a path-sensitive checker or just an AST visitor?

If you have not looked at this yet, here are the bits of documentation we have available. It’s very rudimentary and we are planning on extending it in the near future.
http://clang-analyzer.llvm.org/checker_dev_manual.html
http://clang.llvm.org/doxygen/classento_1_1CheckerDocumentation.html

It might be helpful to look at the existing checkers and use them as examples. For example, NSErrorChecker.cpp contains a non-path sensitive check that visits function/method declarations. AttrNonNullChecker is path sensitive and it registers a callback on all calls.

Cheers,
Anna.

Hi Anna,

> Simon,
>
> Are you writing a path-sensitive checker or just an AST visitor?

A bit of both actually. Although I guess that depends on how “sensitive” we need to be. Mostly I just want to count certain things within methods and given that methods can’t be nested, I could use the context to just set/reset the current count while visiting each node in an AST.

> If you have not looked at this yet, here are the bits of documentation we have available. It’s very rudimentary and we are planning on extending it in the near future.
> http://clang-analyzer.llvm.org/checker_dev_manual.html
> http://clang.llvm.org/doxygen/classento_1_1CheckerDocumentation.html

I have read these pages which is how I got a skeleton up and “running”. My ultimate goal is to have these checks run inside Xcode while building Mac/iOS applications so I’d love some guidance on that score too. Building a completely custom binary seemed, at face value, to be the simplest but least appealing approach.

Ideally I’d somehow configure them as “plugins” from within an Xcode project but for now, while I’m learning, a custom binary seems the easiest.

> It might be helpful to look at the existing checkers and use them as examples. For example, NSErrorChecker.cpp contains a non-path sensitive check that visits function/method declarations. AttrNonNullChecker is path sensitive and it registers a callback on all calls.

Oh thanks for the heads up on that. I looked at some of the checkers but hadn’t managed to look at all of them. I shall check out both.

Thank you so much for getting back to me.

Simon

> Hi Anna,
>
> > Simon,
> >
> > Are you writing a path-sensitive checker or just an AST visitor?
>
> A bit of both actually. Although I guess that depends on how “sensitive” we need to be. Mostly I just want to count certain things within methods and given that methods can’t be nested, I could use the context to just set/reset the current count while visiting each node in an AST.

Path sensitive checkers use symbolic execution to explore all paths through the program as opposed to working with the AST. (Ex: As described in Ted’s very old talk: http://llvm.org/devmtg/2008-08/Kremenek_StaticAnalyzer.pdf).

> > If you have not looked at this yet, here are the bits of documentation we have available. It’s very rudimentary and we are planning on extending it in the near future.
> > http://clang-analyzer.llvm.org/checker_dev_manual.html
> > http://clang.llvm.org/doxygen/classento_1_1CheckerDocumentation.html
>
> I have read these pages which is how I got a skeleton up and “running”. My ultimate goal is to have these checks run inside Xcode while building Mac/iOS applications so I’d love some guidance on that score too. Building a completely custom binary seemed, at face value, to be the simplest but least appealing approach.
>
> Ideally I’d somehow configure them as “plugins” from within an Xcode project but for now, while I’m learning, a custom binary seems the easiest.

As of Xcode 4.5, you can use the CLANG_ANALYZER_EXEC build setting to point Xcode to your clang for analysis. You can also use CLANG_ANALYZER_OTHER_CHECKERS to list the additional checkers.

> Path sensitive checkers use symbolic execution to explore all paths through the program as opposed to working with the AST. (Ex: As described in Ted’s very old talk: http://llvm.org/devmtg/2008-08/Kremenek_StaticAnalyzer.pdf).

Ahhh ok that makes much more sense now. Thank you. I presume in my case I can just use an AST visitor and keep state inside the instance of the checker. Fantastic. Much simpler.

> As of Xcode 4.5, you can use the CLANG_ANALYZER_EXEC build setting to point Xcode to your clang for analysis. You can also use CLANG_ANALYZER_OTHER_CHECKERS to list the additional checkers.

Great, thank you again!