After building clang I didn’t end up with scan-build under $prefix/bin. Is this normally installed manually or typically only run from the source tree?
The analyzer is usually distributed through the packaged builds (scan-build + clang) as described on the website:
If you are experimenting with TOT, manual installation/running from the source tree should both work.
CCing the list as other people might add suggestions.
scan-build works by interposing on a build (by setting CC and CCC to a fake compiler, called ccc-analyzer.). If everything works correctly, the build system then uses ccc-analyzer for compiling C and C++ files. When ccc-analyzer gets invoked, it first invokes the real compiler and then invokes clang for static analysis. scan-build currently only works with make and xcodebuild. (See: http://clang-analyzer.llvm.org/scan-build.html)
In our case, regardless of whether you ever support more than one translation unit, there’s effectively no practical way that our project (~7500 source files in a reduced build configuration) would ever be compiled in any other way than our own build system (which is very complex, and non-trivial to modify). So we are stuck with invoking any analyzer at a file by file basis.
You should be able to analyze your project by calling clang --analyze on each translation unit. Just keep in mind that this might change in the future (ex: with whole project analyzes).
It might also possible that you could come up with a simple patch to scan-build which would make it suitable for your build system.
If I try scan-build manually on just one file:
$HOME/tmp/clang/llvm/tools/clang/tools/scan-build/scan-build -o $HOME/tmp/an/ --use-analyzer $HOME/local/bin/clang $HOME/local/bin/clang++ -c [SNIP MANY OPTIONS] sqle_ca_cmd.C
I end up with no output? If I debug into ccc-analyzer, I see that it does invoke the compiler, but without adding any options.
In particular, it doesn’t add: --analyze. Do I need to both add that to my compilation options and also call scan-build?
You can look at the Analyze() routine in ccc-analyzer. It does not call “clang --analyze” directly, but calls a lower level “clang -cc1 -analyze -analyzer-checker=…” the command built by scan-build. Unless you specify extra options to scan-build they will be equivalent (scan-build calls clang --analyzer -### to get the equivalent cc1 command).
In particular, it doesn't add: --analyze. Do I need to both add that to
my compilation options and also call scan-build?
You can look at the Analyze() routine in ccc-analyzer. It does not call
"clang --analyze" directly, but calls a lower level "clang -cc1 -analyze
-analyzer-checker=.." the command built by scan-build. Unless you specify
extra options to scan-build they will be equivalent (scan-build calls clang
--analyzer -### to get the equivalent cc1 command).
Thanks, the issue was that %LangMap was missing C (capital C), which is the
suffix used by most C++ code in our product, and then skipped my source
file silently. I've added:
'C' => 'c++',
to my version of this script.
It would be a good patch to submit to mainline. Whenever you need to submit a patch, you should send an email to cfe-commits mailing list with the diff attached (See http://clang.llvm.org/hacking.html).