On Tue, Apr 12, 2011 at 10:00 AM, sa...@hederstierna.com <fred...@hederstierna.com> wrote: > Hi > > Richard, I've implemented a simple nop-pass as you described and are now > investigating a path forward for static code analysis. > I'm trying to modify eg. cp-pass to be able to call these workers from my > analysis pass. > > I found some other work though done by Alexander Ivanov Sotirov called > "Vulncheck". > Available patch at "http://gcc.vulncheck.org/";. > It seems to contain some work that might be useful to continue on? > Why was not this patch applied to GCC trunk?
I don't remember that it was even proposed. It also seems to plug in late, after optimizations have been applied. > A question from Sotirov about additional features was unanswered or done > off-list? > http://gcc.gnu.org/ml/gcc/2007-09/msg00549.html Looks like a simple IL question, and I guess he is refering to the virtual SSA operands which I would suggest to completely ignore for static analysis purposes (and in fact their implementation and use is much simplified in todays GCC). > I guess the constant propagation etc is done by other workers/passes in GCC > today, so its better to use the available workers. > But when starting reading his paper, it seems to me that some parts could be > usable? I didn't read his paper, but I thought one important aspect of good static analysis is to perform it on (nearly) the original program. Re-using existing SSA value-numberings (without doing code modifications) might be a good idea, but is of course not necessary. > Also Sotirov have a "ssa-tree" approach to analysis rather than Volanchi > (http://mygcc.free.fr) that using pretty-printer and pattern matching > approach. > (Which as I understand stopped this patch from being applied to official GCC.) I don't know. > Or is it even better just to do it as a plugin-pass using MELT or something > similar? It really depends on what ultimate goal you have. As for improving the GCC codebase itself I think we all mostly agree that it would be nice to get rid of most "optimization based" warnings - but we also like to retain their preciseness in some form. Spending some extra compile-time for a limited set of static checks by doing some data-flow analysis sounds like a way to get that. And if we do it somewhen early after going into SSA then that data-flow is moderately easy and we'd retain the advantage of having common code that works with all frontends. So, anything that moves us into that direction, even if it is just infrastructure, would be nice to integrate into GCC itself. Of course working with GCC can be a pain - you need to obtain a copyright assignment, get attention to your patches, etc. - so it might be a more pleasant working experience for you to work on a plugin instead (for example if you do this merely for research purposes). Richard.
