
Smatch Intermediate Code Representation!!!

Smatch is really simple. You get the modified compiler and use it to compile your code. The compiler generates a bunch of .sm files. Then you type "./checker_script.pl file.c.sm" and review all the errors that the script finds.

But all day long people keep asking me what wonderful stuff is tucked in the .sm files.

To answer that question, take the--fairly useless--program:

int main () {
        int a, b;

        a = 1;
        b = 3;
        if ( a == b) {
                a = 3;
        }
        return 0;
}

The smatch output from that would look something like this (after I ran it through the filter.pl script for neatness):

hello.c 1 func_impl call_expr((identifier_node(main))(tree_list:))
hello.c 4 expr_stmt modify_expr(var_decl(a)= integer_cst(1))
hello.c 5 expr_stmt modify_expr(var_decl(b)= integer_cst(3))
hello.c 6 if_cond eq_expr((var_decl(a))(var_decl(b)))
hello.c 7 expr_stmt modify_expr(var_decl(a)= integer_cst(3))
hello.c 9 else
hello.c 9 end_if
hello.c 9 return_stmt modify_expr(result_decl integer_type = integer_cst(0))
hello.c 10 end_func

The first word represents the filename where the code is found. The number is the line number of the code. The rest is based on the internal GCC tree representation of the code.

At this point people generally say, "You are completely out of your tree! How the heck does that gibberish simplify parsing the file?" Well, consider the following made-up example code:

foo(ZERO);
foo_abstraction_macro(0);
foo(/*this value must be 
     *zero otherwise the elbow will not
     *be properly frobbed*/0/*and we don't 
     *want that to happen now do we?*/);

The smatch output from that code looks like this:

foo.c 7 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))
foo.c 8 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))
foo.c 9 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))

It is obviously much clearer from the smatch output that those three calls are exactly the same.
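To show what that buys a checker, here is an added example (not part of Smatch or its checker scripts) that parses the filtered line format shown above and finds every direct call to foo whose argument is the constant 0. The function names, the regular expression and the whitespace-separated field layout are assumptions inferred from the sample lines on this page.

```python
import re
from collections import namedtuple

# Constructed sample: filtered .sm lines copied from the listings on this page.
SAMPLE = """\
hello.c 1 func_impl call_expr((identifier_node(main))(tree_list:))
hello.c 6 if_cond eq_expr((var_decl(a))(var_decl(b)))
hello.c 9 else
hello.c 9 return_stmt modify_expr(result_decl integer_type = integer_cst(0))
foo.c 7 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))
foo.c 8 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))
foo.c 9 expr_stmt call_expr((addr_expr function_decl(foo))(tree_list: integer_cst(0)))
"""

Record = namedtuple("Record", "filename line kind tree")

# Assumed shape of a direct call, taken from the foo.c lines above.
CALL = re.compile(
    r"call_expr\(\(addr_expr function_decl\((\w+)\)\)\(tree_list:(.*)\)\)$")

def parse_line(text):
    """Split one line into filename, line number, statement kind and tree."""
    parts = text.split(None, 3)
    if len(parts) < 3 or not parts[1].isdigit():
        return None  # blank or malformed line
    # Markers such as 'else', 'end_if' and 'end_func' carry no tree.
    tree = parts[3].strip() if len(parts) == 4 else ""
    return Record(parts[0], int(parts[1]), parts[2], tree)

def parse(text):
    """Parse a whole filtered .sm listing, skipping unparseable lines."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]

def find_calls(text, func, arg):
    """Return (filename, line) for each direct call func(arg)."""
    hits = []
    for rec in parse(text):
        m = CALL.search(rec.tree)
        if m and m.group(1) == func and m.group(2).strip() == arg:
            hits.append((rec.filename, rec.line))
    return hits

if __name__ == "__main__":
    # The macro, the wrapper macro and the commented call all match one pattern.
    for filename, line in find_calls(SAMPLE, "foo", "integer_cst(0)"):
        print(f"{filename}:{line}: foo() called with constant 0")
```
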

I would go into more depth explaining how the stuff is formatted but the truth is that I have to look it up every time myself. It's basically straightforward. Just play around with it for a bit and you should pick up everything you need to know in a half hour or so.