Extending the static analyzer with your own checkers
Thanks to its design, we can easily extend the static analyzer with custom checkers. Remember that a static analyzer is only as good as its checkers, and if you want to analyze whether any code uses one of your APIs in an unintended way, you need to learn how to embed this domain-specific knowledge into the Clang Static Analyzer.
Getting familiar with the project architecture
The Clang Static Analyzer source code lives at llvm/tools/clang. The include files are at include/clang/StaticAnalyzer, and the source code can be found at lib/StaticAnalyzer. If you look at the folder content, you will observe that the project is split into three different subfolders: Checkers, Core, and Frontend.
The task of the core is to simulate program execution at the source-code level and, using a visitor pattern, to call registered checkers at each program point (before or after an important statement) to enforce a given invariant. For example, if your checker ensures...