Clang Static Analyzer: how to use it for C++ application?

Hi, all,

I am just a newbie to Clang Static Analyzer, so my question is probably not
that complex for you. I am using checker-256 on Snow Leopard.

Here is my test source code, main.cpp: http://pastebin.com/AarMPKbs
And I have this CMakeLists.txt: http://pastebin.com/4B1e785d
After "cmake ." to generate Makefile, I called "scan-build" and get
this output: http://pastebin.com/f0GzQi3m

Could you give me any hint, for example, how to enable the checker for
cplusplus.experimental.Iterators?

Regards,
Liang

It looks like the Makefile generated by CMake hardcodes the compiler used. scan-build tries to override the compiler used by the Makefile to be ccc-analyzer/c++-analyzer respectively. This coincides with what is stated in the CMake documentation:

http://www.itk.org/Wiki/CMake_Useful_Variables#Compilers_and_Tools

I think the solution is to also run 'cmake' through scan-build as well, similarly to how one handles 'configure' based builds. That should cause CMake to use ccc-analyzer/c++-analyzer for the compiler.

FYI, we will soon have a way to run tools (like the static analyzer)
over code without running it in a build. The idea is to have cmake
write a compile command database (currently in review in cmake
upstream) and reconstruct the compile command for a source file from
that (see http://lists.cs.uiuc.edu/pipermail/cfe-dev/2011-April/014684.html
for the patch to clang).

Cheers,
/Manuel

Hi Manuel,

That would be very cool.

Hi, Kremenek,

Thanks a lot for your reply.

I tried to change my CMakeLists.txt to use ccc-analyzer/c++-analyzer
as the compiler, and found they are not shipped in checker-256.

The output for c++-analyzer from clang-2.9, http://pastebin.com/6XJ64L1K
The output for c++-analyzer from clang-3.0(svn), http://pastebin.com/c9Ntm2Ze

Then I guess I need to set some parameters for scan-build or c++-analyzer, right?

Regards,
Liang

They are in the ‘libexec’, not ‘bin’, directory.

Got it, but same result as the one from svn, http://pastebin.com/c9Ntm2Ze

Could you give me a build log like that for your successful C++
project? Or what are the correct parameters which should be used for a
C++ project, for scan-build, c++-analyzer or clang++?

Regards,
Liang

Example of running it on the LLVM codebase:

$ mkdir llvm-cmake
$ cd llvm-cmake
$ scan-build cmake -G "Unix Makefiles" ~/llvm
...
$ scan-build make

Got some interesting things, at least like:

[LOCATION]: /Users/liangqi/build/llvm-cmake/lib/Support
#SHELL (cd '/Users/liangqi/build/llvm-cmake/lib/Support' &&
'/usr/local/bin/clang++' '-cc1' '-triple' 'x86_64-apple-darwin10.0.0'
'-analyze' '-disable-free' '-disable-llvm-verifier' '-main-file-name'
'Dwarf.cpp' '-analyzer-store=region'
'-analyzer-opt-analyze-nested-blocks' '-analyzer-checker=core'
'-analyzer-checker=unix' '-analyzer-checker=macosx'
'-analyzer-checker=DeadStores' '-analyzer-eagerly-assume'
'-analyzer-output' 'plist' '-w' '-pic-level' '1' '-mdisable-fp-elim'
'-masm-verbose' '-munwind-tables' '-target-cpu' 'core2'
'-target-linker-version' '123.2' '-resource-dir'
'/usr/local/Cellar/llvm/2.9/bin/../lib/clang/2.9' '-D' '_DEBUG' '-D'
'__STDC_LIMIT_MACROS' '-D' '__STDC_CONSTANT_MACROS' '-I'
'/Users/liangqi/build/llvm-cmake/lib/Support' '-I'
'/Users/liangqi/dev/svn/llvm/lib/Support' '-I'
'/Users/liangqi/build/llvm-cmake/include' '-I'
'/Users/liangqi/dev/svn/llvm/include' '-ferror-limit' '19'
'-fmessage-length' '0' '-stack-protector' '1' '-fblocks'
'-fcxx-exceptions' '-fexceptions' '-fdiagnostics-show-option'
'-analyzer-display-progress' '-analyzer-output=html' '-o'
'/tmp/scan-build-2011-04-26-1' '-x' 'c++'
'/Users/liangqi/dev/svn/llvm/lib/Support/Dwarf.cpp')
ANALYZE: /Users/liangqi/dev/svn/llvm/lib/Support/Dwarf.cpp TagString
ANALYZE: /Users/liangqi/dev/svn/llvm/lib/Support/Dwarf.cpp ChildrenString
ANALYZE: /Users/liangqi/dev/svn/llvm/lib/Support/Dwarf.cpp AttributeString

Will try with my dummy/test project then.

Hi, Ted,

Thanks a lot. I got this output for my dummy project,
http://pastebin.com/egyx90t3

Yes, I also set this env:
export CCC_CXX="clang++"

And could you do me a favor once more? How could I enable the checker
for "cplusplus.experimental.Iterators" in this scan-build/cmake
context?

Best Regards,
Liang

If you run scan-build without any options, it will give you a summary of possible command line options. The most relevant for your question are:

CONTROLLING CHECKERS:

A default group of checkers are always run unless explicitly disabled.
Checkers may be enabled/disabled using the following options:

-enable-checker [checker name]
-disable-checker [checker name]

None of the “experimental” checkers are listed under AVAILABLE CHECKERS, but you can still enable them.

Hi, Ted,

Yes, it works for me now.

Maybe I found a bug in checker-256: if I have the links to
clang/clang++ in the bin subdirectory of that package, it doesn't
work for me. But if I remove them from bin and add links
clang/clang++, for example under /usr/local/bin, to that
bin/clang-3.0, it works fine.

The log for whole process is this: http://pastebin.com/38zHq6Dc

Yes, now there are only very few C++ checkers; maybe I need to learn how to add
new ones as the next step.

Regards,
Liang