scan-build "No bugs found."

I'm running scan-build on Apache Traffic Server and getting "No bugs found.", which isn't what I expect.

I ran it as follows:

   $ git clone GitHub - apache/trafficserver: Apache Traffic Server™ is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server.
   $ cd trafficserver
   $ autoreconf -i
   $ ./configure
   $ scan-build -v -v make V=1 2>&1 > ~/Desktop/scan-build

Here's the output [1].

I didn't run ./configure through scan-build, but I conclude from the Make output that the compiler is being correctly interposed upon, so I shouldn't need to? The output indicates that the compiler is c++-analyzer.

The output contains lines like the following, so I conclude that the analyzer is working?

   ANALYZE (Syntax): ../../lib/ts/ink_mutex.h ~x_pthread_mutexattr_t

And it contains lines like "1 warning generated.", so I conclude that there should be bugs?

So my first question is, why are there "No bugs found."?

Also, although I redirect both stdout and stderr, the lines I mentioned -- "ANALYZE ..." and "1 warning generated." -- are nonetheless printed on the console, not [1]. Why is that?

Thanks!

[1] http://nottheoilrig.com/scan-build

Hi Jack,

was following your recipe to analyze the traffic server. Was using the scan-build-py and scan-build from Clang source repo. Both was leaving me a non empty report directory with 22 bug reports.

And scan-build is designed to run through configure too. It does not have a huge cost to do, so should not be an issue. But this case I agree, the generated makefiles are respecting the CC and CXX variables, therefore the interposition works.

About the redirection problem. I don’t know the answer. But I know a workaround it. If you use the intercept-build and analyze-build from scan-build-py, you can separate the interception phase from the actual static analyzer runs. And when you run analyze-build that can be redirected without this problem.

Regards,

Laszlo

You can hard-confirm if the analyzer is running by seeing if you have any "clang -cc1 -analyze ..." processes during analysis. Though, those "ANALYZE (Syntax)" lines are definitely from the analyzer.

The scan-build tool has known issues, which you might have stepped into.

It might be that all warnings you're seeing in the console are "cross-file" (eg. some part of the path in header and some in the main file), which is **very unfortunately** not supported by the html diagnostic output (which produces one plain-html file per warning, incorporating a single file through the HTMLRewrite mechanism), so such warnings would be dropped by scan-build but appear in console.

The other option is to use scan-build -plist, which would not drop warnings but produce barely readable XML output; normally, plists are for use by IDEs that try to integrate the analyzer (like Xcode and QtCreator; i don't think they use scan-build internally though, as they don't need an external compiler interceptor to understand their build system anyway).

So unless somebody implements a proper multi-file html report output, we're either stuck with these few IDEs or miss some warnings (normally not too many).

I tried to reproduce the issue and it *seems* (but i didn't dig deeper) that some of them are cross-file (note that when the whole report is inside a header, it's not a problem).

> Also, although I redirect both stdout and stderr, the lines I mentioned -- "ANALYZE ..." and "1 warning generated." -- are nonetheless printed on the console, not [1]. Why is that?

The scan-build script messes up stdout and stderr dramatically to produce reasonable output at least to console, tackling with mutliple sources from multiple processes (original compiler and ccc-analyzer instances) and piping their stdout and stderr around. I didn't dare to understand this ever, but i agree it's not quite UNIX-way.

Thanks for trying to reproduce my problem! I tried again with scan-build from the Clang source repository. Now I'm getting one bug and one crash. So I'm confident that the analyzer is doing *something*, but I still wonder why I'm not seeing the 22 bugs that you are?

Am I running the same version of scan-build? Is there something about my environment that could explain the discrepancy? I'm running Debian Linux. Are the versions of any other tools on my system significant to this?

Here's what I did this time:

   $ svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
   $ cd llvm/tools
   $ svn co http://llvm.org/svn/llvm-project/cfe/trunk clang
   $ cd ../..
   $ mkdir build
   $ cd build
   $ cmake ../llvm
   $ make
   $ cd ..
   $ git clone GitHub - apache/trafficserver: Apache Traffic Server™ is a fast, scalable and extensible HTTP/1.1 and HTTP/2 compliant caching proxy server.
   $ cd trafficserver
   $ autoreconf -i
   $ ./configure
   $ ../build/bin/scan-build -v -v make V=1 2>&1 > ~/Desktop/scan-build

Here's the output [1] -- again, many lines were printed on the console instead. Here's the crash [2].

Thanks for the tip about scan-build-py, I haven't tried that yet.

[1] http://nottheoilrig.com/scan-build-1484839698
[2] Index of /failures

Hi Jack,

your report about the scan-build problem is a good feedback. But not sure how well that piece of code is maintained, or these kind of issues (lost bug reports, redirection problem) will be addressed… I did recommend scan-build-py as an alternative solution. That has not been released yet. As a developer of that tool I would glad to hear feedback about it.

To use scan-build-py currently you don’t need to compile the project. Just make sure that your PATH environment contains the tools/scan-build-py/bin directory. (This easiness planed to be changed. ;)) I’m saying it because in your second mail, you compile the Clang/LLVM sources, but you didn’t run make install.

Could also send somehow the output of the these commands?

$ env # looking for the CC and CXX variables

$ command -v cc

$ command -v c++

$ command -v clang

$ command -v clang++

$ cc -v

$ c++ -v

$ clang -v

$ clang++ -v

Regards,

Laszlo

Thanks for offering to help me get to the bottom of this.

Here's the output of scan-build-py [1]. I ran it as follows:

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" scan-build ./configure
   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" scan-build -v -v make V=1 2>&1 > ~/Desktop/scan-build-$(date +%s)

Some lines were printed on the console, the last of which was:

   scan-build: WARNING: Removing directory '/tmp/scan-build-2017-01-24-14-28-09-932827-5xhMxQ' because it contains no report.

I suspect scan-build-py is using the version of Clang installed on my system -- which is only version 3.8.1. How do I get it to use the version that I built?

Here's the output of the commands you listed:

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" env
PATH=~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
   _LXSESSION_PID=3090
   XDG_CONFIG_HOME=/home/nottheoilrig/.config
   LESSCLOSE=/usr/bin/lesspipe %s %s
   XDG_MENU_PREFIX=lxde-
   BYOBU_COLOR_TERM=tmux-256color
   BYOBU_ULIMIT=ulimit
   LANG=en_CA.UTF-8
   GDM_LANG=en_CA.utf8
   LESS=FiRX
   DISPLAY=:0.0
   COMP_WORDBREAKS=
   "'><;|&(:
   BYOBU_CONFIG_DIR=/home/nottheoilrig/.config/byobu
   OLDPWD=/home/nottheoilrig/Desktop/trafficserver
   BYOBU_DARK=#333333
   BYOBU_LIGHT=#EEEEEE
   XDG_VTNR=7
   SSH_AUTH_SOCK=/home/nottheoilrig/.config/byobu/.ssh-agent
   BYOBU_PREFIX=/usr
   XDG_SESSION_ID=2
   XDG_GREETER_DATA_DIR=/var/lib/lightdm/data/nottheoilrig
   BYOBU_TTY=/dev/pts/0
   USER=nottheoilrig
   DESKTOP_SESSION=LXDE
   BYOBU_TERM=tmux-256color
   BYOBU_HIGHLIGHT=#DD4814
   BYOBU_DISTRO=Debian GNU/Linux
   PWD=/home/nottheoilrig/Desktop/trafficserver
   HOME=/home/nottheoilrig
   BYOBU_PAGER=sensible-pager
   SSH_AGENT_PID=3128
   QT_ACCESSIBILITY=1
   TMUX=/tmp/tmux-1000/default,3633,1
   XDG_SESSION_TYPE=x11
XDG_DATA_DIRS=/usr/local/share:/usr/share:/usr/share/gdm:/var/lib/menu-xdg:/usr/local/share/:/usr/share/:/usr/share/gdm/:/var/lib/menu-xdg/
   BYOBU_DATE=%Y-%m-%d
   BYOBU_CHARMAP=UTF-8
   BYOBU_PYTHON=python2
   XDG_SESSION_DESKTOP=lightdm-xsession
   EMAIL=jack@nottheoilrig.com
   BYOBU_READLINK=readlink
   SAL_USE_VCLPLUGIN=gtk
   SHELLCHECK_OPTS=--exclude SC1090,SC1091,SC2015,SC2016,SC2034,SC2139,SC2148,SC2154,SC2164
   GTK_MODULES=gail:atk-bridge
   BYOBU_WINDOW_NAME=-
   SHELL=/bin/bash
   TERM=tmux-256color
   XDG_SEAT_PATH=/org/freedesktop/DisplayManager/Seat0
   BYOBU_SED=sed
   XDG_CURRENT_DESKTOP=LXDE
   QT_LINUX_ACCESSIBILITY_ALWAYS_ON=1
   BYOBU_BACKEND=tmux
   TMUX_PANE=%105
   SHLVL=3
   XDG_SEAT=seat0
   LANGUAGE=en_CA:en
   BYOBU_ACCENT=#75507B
   PROMPT_COMMAND=__git_ps1 '\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]' '$ '
   BYOBU_TIME=%H:%M:%S
   BYOBU_RUN_DIR=/dev/shm/byobu-nottheoilrig-sHS6qxFP
   GDMSESSION=lightdm-xsession
   LOGNAME=nottheoilrig
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-2WJcoS95Ka,guid=82534bc0612a3fd0c12658d957f2ba5b
   XDG_RUNTIME_DIR=/run/user/1000
   XAUTHORITY=/home/nottheoilrig/.Xauthority
   XDG_SESSION_PATH=/org/freedesktop/DisplayManager/Session0
   XDG_CONFIG_DIRS=/etc/xdg
   LESSOPEN=| /usr/bin/lesspipe %s
   _=/usr/bin/env

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" command -v cc
   /usr/bin/cc

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" command -v c++
/usr/bin/c++

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" command -v clang
   /usr/bin/clang

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" command -v clang++
   /usr/bin/clang++

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" cc -v
   Using built-in specs.
   COLLECT_GCC=cc
   COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
   Target: x86_64-linux-gnu
   Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.1-5' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-6 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc=auto --enable-multiarch --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
   Thread model: posix
   gcc version 6.2.1 20161124 (Debian 6.2.1-5)

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" c++ -v
   Using built-in specs.
   COLLECT_GCC=c++
   COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/6/lto-wrapper
   Target: x86_64-linux-gnu
   Configured with: ../src/configure -v --with-pkgversion='Debian 6.2.1-5' --with-bugurl=file:///usr/share/doc/gcc-6/README.Bugs --enable-languages=c,ada,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-6 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-6-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-6-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-6-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc=auto --enable-multiarch --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
   Thread model: posix
   gcc version 6.2.1 20161124 (Debian 6.2.1-5)

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" clang -v
   clang version 3.8.1-16 (tags/RELEASE_381/final)
   Target: x86_64-pc-linux-gnu
   Thread model: posix
   InstalledDir: /usr/bin
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.3
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.1
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.4.1
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.2.1
   Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1
   Candidate multilib: .;@m64
   Selected multilib: .;@m64

   $ PATH="~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH" clang++ -v
   clang version 3.8.1-16 (tags/RELEASE_381/final)
   Target: x86_64-pc-linux-gnu
   Thread model: posix
   InstalledDir: /usr/bin
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/4.9.3
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/5.4.1
   Found candidate GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/4.9.3
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/5.4.1
   Found candidate GCC installation: /usr/lib/gcc/x86_64-linux-gnu/6.2.1
   Selected GCC installation: /usr/bin/../lib/gcc/x86_64-linux-gnu/6.2.1
   Candidate multilib: .;@m64
   Selected multilib: .;@m64

[1] http://nottheoilrig.com/scan-build-1485293289

Thanks for offering to help me get to the bottom of this.

Here’s the output of scan-build-py [1]. I ran it as follows:

$ PATH=“~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH” scan-build ./configure
$ PATH=“~/Desktop/llvm/tools/clang/tools/scan-build-py/bin:$PATH” scan-build -v -v make V=1 2>&1 > ~/Desktop/scan-build-$(date +%s)

Some lines were printed on the console, the last of which was:

scan-build: WARNING: Removing directory ‘/tmp/scan-build-2017-01-24-14-28-09-932827-5xhMxQ’ because it contains no report.

I suspect scan-build-py is using the version of Clang installed on my system – which is only version 3.8.1. How do I get it to use the version that I built?

There is an option to pass to scan-build to specify the clang binary to use for analysis. The expectation is that all scan-build options would also be available in scan-build-py, which is a new tool Laszlo is building.

–use-analyzer Xcode
or
–use-analyzer [path to clang] | scan-build uses the ‘clang’ executable relative to itself for static analysis. One can override this behavior with this option by using the ‘clang’ packaged with Xcode (on OS X) or from the PATH. |

  • | - |

There is more information on scan-build usage here https://clang-analyzer.llvm.org/scan-build.html.