Clang Static Analyzer

Can anyone please explain this to me and maybe give me a good starting point?

Clang Static Analyzer is an automatic bug-finding tool that is part of clang, activated by the --analyze option, or, even better, integrated into your build system with the help of the scan-build tool, or maybe even integrated into your IDE if it supports it (e.g. the Analyze option in Xcode, also supported by Qt Creator). It implements a technique called symbolic execution, which uncovers deep, complicated bugs in programs that require analysis of more than one point in the code, probably even multiple functions, and possibly manifest only on a few, rather than all, execution paths in the program. You can find out more at http://clang-analyzer.llvm.org/

The analyzer is highly modular, and every type of bug that it's taught to find is provided by a separate module called a "checker". The project deals with one particular checker, that involves calling virtual functions on partially constructed or partially destructed objects. This checker originally did not use symbolic execution, aka the "path-sensitive" engine of the analyzer, and relied only on matching syntactic patterns, but we decided that it is not enough for the checker to work reliably. Hence it is proposed to rewrite this checker with the path-sensitive approach in mind.

I'm expecting this project to be relatively easy, taking 100-200 lines of code.

What specific info are you looking for?
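As an added illustration of the bug class the checker in the reply above targets (example code written for this thread, not code from the original posts or from Clang): while Base's constructor and destructor run, the object's dynamic type is still Base, so a virtual call resolves to Base::name even though a Derived is being built or torn down. The call that reaches name() through the non-virtual helper record() is the kind of case a purely syntactic pattern match does not see, while a path-sensitive engine follows the call into the helper.

```cpp
#include <iostream>
#include <string>

// Constructed example: a class hierarchy whose base constructor and
// destructor call a virtual function, directly and via a helper.
struct Base {
    std::string& trace;  // records which override each call resolved to

    explicit Base(std::string& t) : trace(t) {
        trace += "ctor:" + name() + ";";  // direct virtual call from the constructor
        record();                         // indirect virtual call through a helper
    }
    virtual ~Base() {
        trace += "dtor:" + name() + ";";  // virtual call from the destructor
    }
    virtual std::string name() const { return "Base"; }

    // Non-virtual helper: the virtual call is hidden one frame deeper,
    // which is why matching the constructor body alone is not enough.
    void record() { trace += "helper:" + name() + ";"; }
};

struct Derived : Base {
    explicit Derived(std::string& t) : Base(t) {}
    std::string name() const override { return "Derived"; }
};

// Builds and destroys a Derived and returns the recorded dispatch trace.
// Only the call made on the fully constructed object reaches Derived::name.
std::string construct_and_destroy_derived() {
    std::string trace;
    {
        Derived d(trace);
        trace += "live:" + d.name() + ";";  // object complete: Derived::name
    }                                       // ~Base runs here: Base::name again
    return trace;
}

int main() {
    std::cout << construct_and_destroy_derived() << '\n';
    return 0;
}
```

Running the file under `clang++ --analyze` (the option named above) is the quickest way to see what the analyzer reports for these call sites.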