On May 26, 2009, at 11:22 AM, David Mandelin wrote:
Georgi Guninski wrote:
hi,
has someone tested clang for static analysis?
it doesn't seem to support c++ yet (just c and objective c).
example report of real application (adium im):
http://trac.adium.im/wiki/StaticAnalysis
I haven't tried it. From what I understand clang is a good parser
for C. C++ support is planned but doesn't exist yet. Given the
difficulty of parsing C++, I imagine it will take at least a few
years to make a really solid C++ parser.
I'm curious about the analyses that the clang bug-checker runs. The
main doc page doesn't say exactly what it does. From the link above,
I see that it tries to find null dereferences in C programs, which
is a really hard problem, especially for large programs.
C++ support in Clang is rapidly progressing, but because the Clang
static analyzer performs static analysis at the source level simply
having C++ parsing support does not imply immediate support in the
analyzer. Bringing that feature up will likely require active
participation from the open source community.
The clang analyzer currently does mostly local analysis, essentially
operating under the conservative approximation that the implementation
of the callee of functions/methods is unavailable for analysis. That
plan is to add more global analysis over time, hopefully over the next
year (time permitting).
The most polished checks in the clang analyzer have focused on
Objective-C related bugs (memory leaks and so forth), since that was
identified (given that the main analyzer development is funded by
Apple) as being the area having the most immediate impact given the
lack of an analyzer anywhere for Objective-C. While doing basic path-
sensitive analysis, however, the analyzer also flags cases of null
dereferences, uses of uninitialized values, returning the address of
stack memory, that all naturally fall out from the reasoning about
individual paths.
_______________________________________________
dev-static-analysis mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-static-analysis
