Need Help - Clang-Analyzer Issue

Hi Team,

I am using the clang-static analyzer to know all the technical defects in my iOS Application.

While Using scan-build, it was suppressing some bugs in the console itself without generating them in the HTML report.

So, If I use the BUILD AND ANALYZE option of the xcode, I am getting 103 bugs where as through scan-build, I am getting just 36 bugs.

A lot of mismatch is there.

The XCode version I’m currently using is XCode 4.2 and the command using is

“scan-build -k -o /Desktop/Reports xcodebuild clean build -configuration Debug -sdk iphonesimulator5.0”.

Struggling with this from many days. Hope u will help ASAP.

Thanks and Regards,
Sowmya Gaddipati.

Hi Sowmya,

Before I mentioned more details, in short, the easiest way to analyze iOS projects is within Xcode. If you wish to update the version of the static analyzer used by Xcode to use the one provided with the open source checker builds, you can use the set-xcode-analyzer script that is bundled with the tar file.

The more detailed answer is that scan-build is long in the tooth, and simply doesn't do a good job with interposing on xcodebuild (or really any build system). scan-build was written more of a proof-of-concept, but has never really been made a production turn key solution for analyzing any arbitrary project with any build system. Taking beyond the hack that it is into something that "just works" most of the time would be a great project for someone to tackle, but it would require a significant amount of work and the solution would potentially depend on the platform.

scan-build is just a Perl script. It "interposes" on a build by setting CC and CCC to a fake compiler, called ccc-analyzer. If everything works correctly (which it doesn't always), the build system then uses ccc-analyzer for compiling C and C++ files. When ccc-analyzer gets invoked, it first invokes the real compiler and then invokes clang for static analysis.

The trick is that ccc-analyzer doesn't know the "real compiler"; it just guesses that it is "gcc" in your path. If this isn't correct, then the whole thing doesn't work. You can tell scan-build to use a different compiler than just the gcc in your path by using the --use-cc and --use-cxx flags respectively, but it is rather ugly and hard to use for most users. For iOS projects, you will need to do this, especially when compiling for the device, since the device compiler resides at a specific place in the Xcode installation.

The upshot is that unless you really need to generate HTML output, the best way to analyze Xcode projects is from within Xcode itself.


Thanks Ted,

My requirement is I need to generate the xml from the HTML output of scan-build.

One more doubt is

While using iOS 5.0 sdk, I am getting following error. (but not getting with iOS 4.3)

Verify exit code of build task ‘CompileC ReviewInspectionViewController.m’
Build task claims to succeed in spite of generating error messages

Like these, so many files were not complied in my case. So, not getting the defects present in those files.

What is the reason that stops the clang-analyzer from compiling those files?

Hope u will help me ASAP. Thanks in advance.

Thanks and Regards,
Sowmya Gaddipati.

I'm pretty sure that scan-build can generate a plist file instead of HTML - and that's just a dialect of XML.
(Yeah, purists will differ - but it's still XML)

-plist - By default the output of scan-build is a set of HTML files.
                  This option outputs the results as a set of .plist files.

-- Marshall

Marshall Clow Idio Software <>

A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).
        -- Yu Suzuki

I’ve never seen that before. It’s possibly related to scan-build using gcc for compilation (by default) and your project might also only build with clang. I’d need to see more information, e,g. the output of scan-build with -v -v, to investigate further. Please file a bug report.

Indeed. You can also get these plists by just using xcodebuild with the analyzer enabled.