Help required to use clang analyzer

Hi,
I am trying to use clang analyzer using the below command.

clang -cc1 -analyze -analyzer-checker=alpha.core test.c

I am getting the following error.

test.c:1:10: fatal error: ‘sys/stat.h’ file not found

#include <sys/stat.h>

^~~~~~~~~~~~

1 error generated.

If I use the command,

clang test.c
there is no error.

Please help me to solve the error.

Arnab

Hi,

Using -cc1 disables the clang Driver. The Driver is responsible for gcc compatibility, which, apart from being able to translate gcc flags to clang flags, adds support for finding system headers in places where gcc usually looks for them. There are other drivers, such as clang-cl which turns clang into a drop-in replacement for the Visual Studio's cl.exe.

Running without the driver is not recommended for everyday use, only for development of clang itself.

If you want to run the Static Analyzer on a single file, you can do

   clang --analyze test.c

But even better, you should use the scan-build tool to analyze the entire project, for example:

   scan-build clang test.c

or

   scan-build gcc test.c

or

   scan-build make -j4

etc. See https://clang-analyzer.llvm.org/scan-build.html for more details.

Hi,
I want to thank you for replying my question.

Actually I want to use the taint checker or modify it.

clang -cc1 -analyze -analyzer-checker=alpha.security.taint.TaintPropagation test.c

But it produced the same error as I mentioned in my last question.

Please tell me the procedure to use a particular checker. I was following the description as given in http://clang-developers.42468.n3.nabble.com/Purpose-of-GenericTaintChecker-td4051900.html and http://clang-analyzer.llvm.org/checker_dev_manual.html.

I have tested the command “scan-build clang test.c” and it is working correctly. But I am not really interested to create the a.out and more interested to do the static analysis and get some kind of report.

Hi!

I never used scan-build before, I have to admit – but it seems like that it takes a compiler invocation as an argument, so you might as well invoke it like this:

scan-build clang test.cpp -c -Xclang -analyzer-checker=alpha.security.taint.TaintPropagation

The -c flag tells clang to only run the compilation, but not the code generation steps. As I understand it.

Cheers,
Kristóf Umann

Arnab Kumar Biswas via cfe-dev <cfe-dev@lists.llvm.org> ezt írta (időpont: 2019. márc. 5., K, 2:21):

That’d be an equivalent of stuffing an -analyzer-checker flag directly into the compilation database. In order to attach the flag to the Static Analyzer rather than to the compiler, there are special scan-build flags, eg.:

scan-build -enable-checker alpha.security.taint.TaintPropagation clang -c test.cpp