Inside a Static Analyser Type System

Inside a Static Analyser Type System
Slide Note
Embed
Share

A glimpse into the world of static analyzers and the intricacies of a C/C++ developer's work on a code analyzer. Explore the components, functionalities, types, and challenges faced in this realm. Dive into the details of representing C and C++ types, compiler optimizations, diagnostic rules, and more.

  • Static Analyzers
  • C/C++ Development
  • Code Analysis
  • Compiler Optimizations
  • Type Systems
cull_u
cull_u Follow

Uploaded on Mar 06, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Inside a static analyser Type system

  2. About me A C++ developer at PVS-Studio. Working on the core functionality and diagnostic rules of the C/C++ static code analyzer. 2

  3. What is this about We'll take a look at: What a static analyser is What's inside of it One specific aspect representing C and C++ types Our story of change 3

  4. A static analyser? Compiler Middle end Optimisations Frontend IR Syntax Semantics Types IR Backend Code generation 4

  5. A static analyser? Static analyser Frontend Diagnostics Syntax Semantics Types These are like compiler warnings, but somewhat more comprehensive. 5

  6. A static analyser? Compiler Compiler Middle end Middle end Backend Backend Code Code Frontend Diagnostics Diagnostics Log Log Statis analyser Statis analyser 6

  7. Back to types Built in types User-defined types Derived types Structure Array Integral Class Function void Union Pointer Floating-point Enum Reference 7

  8. Representing types 1 2 const int* P C i \0 8

  9. Encoding Pros Cons Slow Involves inefficient algorithms Multiple passes might be needed Overall inconvenient to work with Better locality (cache-friendly) ??? 9

  10. One tiny issue 10

  11. Another tiny issue int *p; Pi class MyClass { int x; }; \aMyClass FiPPCc-i int main(int argc, const char **argv); std::array<MyClass, 10> arr; Q \x2 \x3stdT \x5array \x15 \aMyClass*12345678 11

  12. Huge problems auto someType = // get type info about some entity if (!someType.IsFunction()) { return false; } A quick "bug-out" check // a very computation-heavy piece of code goes here Or is it? 12

  13. Huge problems bool TypeInfo::IsFunction() { Normalize(); auto e = m_env; auto ptr = SkipCvde(m_encode, e); return ptr && *ptr == 'F'; } How many loops? 13

  14. Let's estimate TypeInfo::Normalize Check cv-qualifiers Traverse string, set internal fields Resolve typedefs Go and look in the symbol table Figure out template arguments Voodoo magic here Extract class info Go and look in the symbol table 14

  15. Let's estimate TypeInfo::Normalize Loop Check cv-qualifiers Traverse string, set internal fields Recursion ??? Resolve typedefs Go and look in the symbol table Figure out template arguments Recursion Voodoo magic here Extract class info Go and look in the symbol table Recursion 15

  16. So? Checking what something is MUST be O(1). It's that simple 16

  17. The better system 17

  18. But first... 18

  19. Structure Type Id Canonical type Builtin Pointer Reference Function Class Alias etc. Derived classes Specific info 19

  20. Id auto someType = // get type info about some entity if (!someType.IsA(TypeId::Function)) { return false; } A quick "bug-out" check // a very computation-heavy piece of code goes here Or is it? 20

  21. Id template <typename TypeId, typename ...TypeIds> bool IsA(TypeId id, TypeIds ...ids) const noexcept { return ((What() == id) || ... || (What() == ids)); } { return m_id; // enum class Id : uint8_t } 21

  22. Canonical type int a = 42; Type: Builtin, int Canonical: Builtin, int typedef int MyInt; MyInt a = 42; Type: Alias, typedef Canonical: Builtin, int 22

  23. Canonical type typedef int MyInt; using TheUltimateIntOfDoom = MyInt; TheUltimateIntOfDoom a = 42; Type: Alias, using Canonical: Builtin, int Source: Alias, typedef 23

  24. Alias Enum CastOperator Class Builtin ClassMember Function Ctor Dtor Complex Operator MemberPointer Auto AssignOp Type Pointer Decltype Array Template Adjusted Reference TemplateVar TemplateParam SubstPack Deduced TemplateSpec Decayed TemplateInstance SubstTemplateArg 24

  25. Qualifiers const volatile int tricky = 42; ? Type: ConstVolatileBuiltin, int 25

  26. Qualifiers QualType Address in memory 0x00 5 bits C V R 26

  27. Quality pointer QualType Type qualifiers: const volatile restrict Pointer to the base Type class 27

  28. How it fits together Type System Factory Cache Traits Hasher 28

  29. Profit Types are immutable There's only one copy of each unique type To compare types, you just compare hash values Type "pointers" (QualType) are not nullable 29

  30. public: Id What() const noexcept; bool IsUnresolved() const noexcept; bool IsAnyAutoType() const noexcept; Base Type class QualType GetCanonical() const noexcept; QualType Wrap(TypeQualifiers quals = {}) const noexcept; size_type Sizeof() const noexcept; size_type Alignof() const noexcept; private: QualType m_canonical; hash_type m_hash = 0; Id m_id; 30

  31. public: QualType Dereference() const noexcept; PointerType template <typename TypeId, typename ...TypeIds> bool IsAnyOf(TypeId id, TypeIds... ids) const noexcept { return m_pointee->GetCanonical().IsA(id, ids...); } private: QualType m_pointee; 31

  32. Polymorphism? bool IsThisAnIntPointer(QualType qt) { if (auto t = qt.TryGetAs<PointerType>()) { auto p = t->Dereference() .TryGetAs<BuiltinType>(); return p && p->IsAnyInt(); } return false; } 32

  33. template <typename T> auto TryGetAs() const noexcept { #define MAKE_TYPE_TRAITS(t, id) \ template <> struct type_id_from_type<t> \ { \ static constexpr TypeId value = id; \ }; \ template <> struct type_from_type_id<id> \ { \ using type = t; \ }; return To<T>(GetTypePtr()); } template <typename T> auto To(Type* src) noexcept -> std::remove_const_t<T>* { return IsA(src, type_id_from_type_v<T>) ? static_cast<std::remove_const_t<T>*>(src) : nullptr; } 33

  34. Another way bool IsThisAnIntPointer(QualType qt) { if (!Traits::IsPointer(qt)) return false; auto t = Traits::RemovePointer(qt) .TryGetAs<BuiltinType>(); return t && t->IsAnyInt(); } 34

  35. Traits 35

  36. Traits QualType Traits::Decay(QualType qt) { auto type = RemoveCVRef(qt); if (IsFunction(type)) return AddPointer(type); if (auto arrT = type.TryGetAs<TypeId::Array>()) return AddPointer(arrT->GetElementType()); return type; } 36

  37. How it fits together Diagnostic rule auto type = decl->GetType(); if(Traits::/*....*/) { //.... } int* p = nullptr; AST (declaration) Parser auto pointee = TypeSystem::GetBuiltin(BuiltinId::Int).Wrap(); auto result = Traits::AddPointer(pointee); 37

  38. Summary 38

  39. QUESTIONS Inside a static analyser: type system Yuri Minaev minaev@viva64.com 39

Related


Static GNSS Techniques and Products for Geospatial Applications

Static GNSS Techniques and Products for Geospatial Applications

cannon
Static Analysis Techniques Overview

Static Analysis Techniques Overview

marvin
Electricity Concepts: From Atoms to Static Electricity

Electricity Concepts: From Atoms to Static Electricity

amaryllis
Comparison Between Static and Dynamic Program Instrumentation

Comparison Between Static and Dynamic Program Instrumentation

jadiel
Software Testing Foundation Level - Static Testing Quiz by Uwe G. hl

Software Testing Foundation Level - Static Testing Quiz by Uwe G. hl

giada
Static Variables and Methods in Java

Static Variables and Methods in Java

kaede
Ortho Vision Validation and Operation in RCI

Ortho Vision Validation and Operation in RCI

farah
Importance of Static Unit Testing in Software Development

Importance of Static Unit Testing in Software Development

alberto
The Wonders of Electricity: From Appliances to Static Energy

The Wonders of Electricity: From Appliances to Static Energy

talianal
Static Routing in Network Infrastructure Workshops

Static Routing in Network Infrastructure Workshops

raid_52
Static Analysis in Flight-Critical Software

Static Analysis in Flight-Critical Software

emili
Static Electricity in Spray Painting of Cars

Static Electricity in Spray Painting of Cars

cristobal_k
Using Decision Trees for Program-Based Static Branch Prediction

Using Decision Trees for Program-Based Static Branch Prediction

bkir
Static Electricity: Two Kinds of Charges

Static Electricity: Two Kinds of Charges

pau_bas
C++11 Features and Design Patterns by Mark Redekopp

C++11 Features and Design Patterns by Mark Redekopp

sachikos
Procedural Decomposition and Static Methods in Programming

Procedural Decomposition and Static Methods in Programming

gvir
Static Variables and Methods in Object-Oriented Programming

Static Variables and Methods in Object-Oriented Programming

baze_l
Introduction to Static Analysis in C.K. Chen's Presentation

Introduction to Static Analysis in C.K. Chen's Presentation

rhew_den
Event-Based Race Detection in Android Apps Using SIERRA

Event-Based Race Detection in Android Apps Using SIERRA

chibuik
Benefits of Probabilistic Static Analysis for Improving Program Analysis

Benefits of Probabilistic Static Analysis for Improving Program Analysis

elizahdo
Static Timing Analysis in Advanced VLSI Design

Static Timing Analysis in Advanced VLSI Design

elama
Static Electricity and Electrostatics

Static Electricity and Electrostatics

thee_aj

More Related Content