5

What's the difference between shallow and deep static analysis? I'm using Xcode at the moment, and noticed that there's a build setting that distinguishes between the two.

I'm curious about this in the general case, and I'm also wondering if there's any difference in how Clang implements this distinction.

I tried some Google-foo and I couldn't find an answer. I tried going through the Apple and Clang docs to see if they explain it but I didn't find anything. Hopefully I didn't miss an obvious stone to overturn in my searching.

Xcode screenshot of the deep & shallow static analysis options

  • Accurate static analysis is a difficult problem - I'm guessing Deep simply means the analyzer works harder (which makes the analysis slower and more resource-intensive, but there will be more true positives and/or fewer false negatives). – HairyFotr Apr 16 '15 at 08:20

1 Answer

3

(1) A talk from Apple's Evan Cheng (compilation tech) gives an indication (see pages 157/158):

  • shallow - quick analysis
  • deep - more thorough analysis

Recommendation: Always analyze in deep mode as part of qualifications

(2) You can find some more details in the source code of the analyzerOptions. There is the UserModeKind variable:

    /// \brief Describes the kinds for high-level analyzer mode.
    enum UserModeKind {
      UMK_NotSet = 0,
      /// Perform shallow but fast analyzes.
      UMK_Shallow = 1,
      /// Perform deep analyzes.
      UMK_Deep = 2
    };

    /// Controls the high-level analyzer mode, which influences the default
    /// settings for some of the lower-level config options (such as IPAMode).
    /// \sa getUserMode
    UserModeKind UserMode;

    /// Controls the mode of inter-procedural analysis.
    IPAKind IPAMode;

Without looking too deep into the code, you see that one difference is the deactivation of the (time-consuming) inter-procedural analysis...

Lonzak
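
An added example, not part of the answer above or of Clang's sources, showing the kind of defect that needs inter-procedural analysis: the NULL is created in one function and dereferenced in another. The function names, the sample message and the file name `ipa_demo.c` are constructed for illustration; `ipa=none` is the analyzer's own setting for switching inter-procedural analysis off.

```c
/* Compare the analyzer's output with and without inter-procedural analysis
 * (ipa_demo.c is a hypothetical file name for this example):
 *   clang --analyze ipa_demo.c
 *   clang --analyze -Xclang -analyzer-config -Xclang ipa=none ipa_demo.c
 */
#include <stddef.h>
#include <stdio.h>

/* Callee: analysed on its own, buf is an unknown pointer, so no defect
 * can be proven inside this function. */
static int first_byte(const unsigned char *buf)
{
    return buf[0];
}

/* Caller: for len <= 4 it passes NULL to first_byte(). The dereference
 * happens inside the callee, so the NULL path is only visible to an
 * analysis that follows (inlines) the call. */
int payload_tag_unchecked(const unsigned char *msg, size_t len)
{
    const unsigned char *payload = NULL;
    if (len > 4)
        payload = msg + 4;
    return first_byte(payload);
}

/* Corrected form: short or missing input is rejected before the call,
 * so first_byte() never receives NULL. Returns -1 on rejection. */
int payload_tag_checked(const unsigned char *msg, size_t len)
{
    if (msg == NULL || len <= 4)
        return -1;
    return first_byte(msg + 4);
}

/* Constructed sample message: 4-byte header, then the payload. */
static const unsigned char sample_msg[] = { 'H', 'D', 'R', '1', 0x2A, 0x00 };

int main(void)
{
    printf("checked, 3 bytes: %d\n", payload_tag_checked(sample_msg, 3));
    printf("checked, full:    %d\n",
           payload_tag_checked(sample_msg, sizeof sample_msg));
    return 0;
}
```
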