[analyzer] Any real projects for testing Static Analyzer?

Hi, all.

What (open) projects do you use to test CSA (features, performance, etc.)?

I was trying to find any, but it is harder then I thought. I’m using Windows and many projects use posix includes.

My aim is to test performance of my patch. Or maybe somebody could do this for me :).

Hi Denis,

I am using csa-testbanch to test the performance and stability of my patches. It can aggregate the analyzer statistics and provides really nice charts. Under the hood it uses CodeChecker.
The usual projects I run the tests are (in increasing complexity for the analyzer):

  • tmux

  • curl

  • redis

  • xerces

  • bitcoin

  • protobuf
    Here are two example configurations that I use for the testbanch:

  • C projects

  • C++ projects
    Note, these config files describe how to build the projects and what kind of parameters to add to each analyzer invocations.

Cheers,
Gabor

​Thank you, Gabor.

Please, tell how to run analysis of the whole project from cmd line?

I know how to analyze a sample file with stats:
clang --analyze -Xclang -analyzer-stats​ sample.cpp

But how to analyze e.g. https://github.com/protocolbuffers/protobuf or https://github.com/webmproject/libwebm?

What line should be if I want to use exactly raw command?

BTW,

I am trying to get a report from tinyxml2 (https://github.com/leethomason/tinyxml2) project running:
scan-build -stats -o . --use-analyzer=\clang.exe make

preliminarily adding next *d**evision by zero* function to tinyxml2.cpp​ file .

int f(bool is)
{
int x = 0;
int y = x;
int z = 0;
if(y == 0)
{
z = 12 / x;
}
return z;
}

But the result is:

scan-build: Analysis run complete.
scan-build: Removing directory ‘/tinyxml2-master/build/2020-05-14-215742-2708-1’ because it contains no reports.
scan-build: No bugs found.

What am ​I doing wrong?