

27.2 Debugging the Analyzer

27.2.1 Special Functions for Debugging the Analyzer

The analyzer recognizes various special functions by name, for use in debugging the analyzer. Declarations can be seen in the testsuite in analyzer-decls.h. None of these functions are actually implemented.

Add:

  __analyzer_break ();

to the source being analyzed to trigger a breakpoint in the analyzer when that source is reached. By putting a series of these in the source, it’s much easier to effectively step through the program state as it’s analyzed.

  __analyzer_dump ();

will dump copious information about the analyzer’s state each time it reaches the call in its traversal of the source.

  __analyzer_dump_path ();

will emit a placeholder “note” diagnostic with a path to that call site, if the analyzer finds a feasible path to it.

The builtin __analyzer_dump_exploded_nodes will emit a warning after analysis containing information on all of the exploded nodes at that program point:

  __analyzer_dump_exploded_nodes (0);

will output the number of “processed” nodes, and the IDs of both “processed” and “merger” nodes, such as:

warning: 2 processed enodes: [EN: 56, EN: 58] merger(s): [EN: 54-55, EN: 57, EN: 59]

With a non-zero argument

  __analyzer_dump_exploded_nodes (1);

it will also dump all of the states within the “processed” nodes.

  __analyzer_dump_region_model ();

will dump the region_model’s state to stderr.

  __analyzer_eval (expr);

will emit a warning with text "TRUE", "FALSE" or "UNKNOWN" based on the truthfulness of the argument. This is useful for writing DejaGnu tests.
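
The following is an added example, not code from GCC or its testsuite, showing several of the special functions placed in a small function under analysis so that the same file still builds normally when the debugging calls are switched off. The macro ANALYZER_DEBUG, the DBG_* wrappers and clamp_len are hypothetical names; the prototypes are assumed to match analyzer-decls.h, and the dg-warning comments record the result expected from __analyzer_eval as an assumption, not as captured output.

```c
/* Added example; not taken from the GCC testsuite.
   Analyze with:  gcc -fanalyzer -DANALYZER_DEBUG -c clamp.c
   Compile only (-c): the special functions have no definitions to link.
   ANALYZER_DEBUG, the DBG_* macros and clamp_len are names made up here.  */
#ifdef ANALYZER_DEBUG
/* Prototypes assumed to match the testsuite's analyzer-decls.h.  */
extern void __analyzer_eval (int);
extern void __analyzer_dump_path (void);
extern void __analyzer_dump_exploded_nodes (int);
# define DBG_EVAL(e)   __analyzer_eval (e)
# define DBG_PATH()    __analyzer_dump_path ()
# define DBG_ENODES(v) __analyzer_dump_exploded_nodes (v)
#else
/* Ordinary build: the calls vanish, so the file still links and runs.  */
# define DBG_EVAL(e)   ((void) 0)
# define DBG_PATH()    ((void) 0)
# define DBG_ENODES(v) ((void) 0)
#endif

/* Clamp LEN to the capacity CAP of a destination buffer.  */
int
clamp_len (int len, int cap)
{
  /* Nothing constrains the parameters yet.  */
  DBG_EVAL (len > cap);   /* { dg-warning "UNKNOWN" } */

  if (len > cap)
    {
      /* On this path the branch condition is a known constraint.  */
      DBG_EVAL (len > cap);   /* { dg-warning "TRUE" } */
      DBG_PATH ();            /* note showing a feasible path to here */
      len = cap;
    }

  /* Both paths meet here: list the exploded nodes at this program point,
     and dump their states too (non-zero argument).  */
  DBG_ENODES (1);
  return len;
}
```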

27.2.2 Other Debugging Techniques

One approach when tracking down where a particular bogus state is introduced into the exploded_graph is to add custom code to region_model::validate.

For example, this custom code (added to region_model::validate) breaks with an assertion failure when a variable called ptr acquires a value that’s unknown, using region_model::get_value_by_name to locate the variable:

    /* Find a variable matching "ptr".  */
    svalue_id sid = get_value_by_name ("ptr");
    if (!sid.null_p ())
      {
        svalue *sval = get_svalue (sid);
        gcc_assert (sval->get_kind () != SK_UNKNOWN);
      }

making it easier to investigate further in a debugger when this occurs.

