I'm a KDE project developer and would like to check the part of the
code I'm maintaining with the clang static analyzer. My system is as
follows:
Fedora 16 64 bit, clang-analyzer package 2.9-6.fc16 from the official
updates repo
So, I've tried to do
scan-build make
in the build directory of my code module.
The build ran and scan-build gave me no errors or warnings. However, I
can for sure see that in that code, there is at least one
uninitialized pointer being written into.
What am I doing wrong? Does clang-analyzer support this kind of
error? Is Linux supported officially?
As far as I know, there are no clang developers who are maintaining/testing the analyzer on Fedora. We don’t know how the package is produced. If you are interested in building clang from the source, we would be glad to help you investigate the issues you run into. scan-build is just a Perl script which interposes clang on top of your build and is not foolproof either.
The analyzer is not guaranteed to find all bugs in the code. For example, it might stop exploring a particular path through the program and not reach the place where the uninitialized pointer is used. Try testing it out on a small project or add a test function containing just a division by 0 (or null pointer dereference) to the existing project and see if that gets caught.
The build ran and scan-build gave me no errors or warnings. However, I
can for sure see that in that code, there is at least one
uninitialized pointer being written into.
You may need to set $CCC_CC and/or $CCC_CXX, especially if you're using
cross compilers or something like that. When you run scan-build it will
make sure that those compilers are put into $CC and $CXX respectively.
Similarly, if your makefile ignores $CC/$CXX, I don't think scan-build
will do what you want. It needs to replace the compiler you're using
with a wrapper.
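
On the point in the last reply about makefiles that ignore $CC/$CXX, here is an added example (not part of the thread and not part of scan-build): a heuristic shell check that flags makefile lines which would keep a compiler wrapper placed in $CC/$CXX from being used. The function name check_makefile is made up for this example, and it assumes GNU make semantics, where a plain assignment in the makefile overrides a value inherited from the environment while "?=" keeps it.

```shell
#!/bin/sh
# Added example, not from the thread. Heuristic only: it reads makefile text
# and does not run make, so generated or included makefiles are not followed.
# Assumption: GNU make, where "CC = gcc" in the makefile overrides $CC from
# the environment and "CC ?= gcc" does not.

# Print "file:line: reason: text" for each finding.
# Returns 0 if nothing was flagged, 1 otherwise.
check_makefile() {
    awk '
        # Plain or immediate assignment to CC/CXX shadows the environment.
        # "?=" and "+=" do not match; neither do CCFLAGS or CXXFLAGS.
        /^[ \t]*(override[ \t]+)?(CC|CXX)[ \t]*(:|::)?=/ {
            printf "%s:%d: hard-coded compiler variable: %s\n", FILENAME, FNR, $0
            found = 1
            next
        }
        # Recipe line (starts with a tab) that names a compiler directly
        # instead of going through $(CC) or $(CXX).
        /^\t[@+-]*[ ]*(gcc|g\+\+|cc|c\+\+|clang|clang\+\+)[ ]/ {
            printf "%s:%d: recipe calls compiler by name: %s\n", FILENAME, FNR, $0
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$@"
}

# Stand-alone use: sh check_makefile.sh Makefile [more makefiles...]
if [ "$#" -gt 0 ]; then
    check_makefile "$@"
fi
```

A clean result only says the makefile text does not obviously bypass $CC/$CXX; the sanity test suggested earlier in the thread (a function with a division by 0 or a null pointer dereference) is still the way to confirm the analyzer is actually running on the build.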