Scan-Build question

Hello all,

I am a current student at the University of Pennsylvania and am experimenting with scan-build as part of a senior project. I just had a couple of questions regarding some behavior I didn't quite understand. Does the output of scan-build differ depending on the user permissions, or whether it is created as a child process? Are there any flags that determine how sensitive scan-build is to detecting bugs? For reference, running scan-build myself versus through executing a shell command on a Node.js server on that same machine yields different outputs, with the server outputting many more. I cannot find any configuration file, and all the bugs reported belong to the set of checkers enabled by default. I would love some insight into why this could be happening.

Best regards,

Bradley Jackson

Sounds pretty weird, I don't have any immediate ideas on what may cause this. If running scan-build over the same projects in different environments yields different results, then my first guess would be to try to see if the same files get compiled during build, and then if they do actually get analyzed after that.

Have a look at the standard output - are there compile errors? Only what's compiled can be analyzed. Make sure you're doing a clean rebuild: if things aren't built, they aren't analyzed.

Scan-build's method is very simple: it changes the CC= and CXX= environment variables so that they point to its own "compiler" (ccc-analyzer) which is a wrapper that launches both the original compiler and a clang instance that performs the analysis. If something messes with environment variables, it may be the problem. You can see which files were compiled/analyzed by adding a print at the beginning of the script (I don't think there's a more comfy way to debug that, but ccc-analyzer is a simple Perl script, so it shouldn't be hard to modify).

Also see if you're using a different clang - it's unlikely, but it may cause differences in results simply due to updates in the Static Analyzer.

Additionally, debug vs. release builds of the project you're analyzing (and, similarly, builds with different ./configure flags) may yield different results due to different macro expansions (debug is preferred because it lets the Static Analyzer take advantage of assertions within the code).
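
One way to check the environment-variable and "different clang" theories from the reply above, as an added example that is not part of the original thread: capture `env | sort` once in the interactive shell and once from the command the Node.js server runs, then compare only the variables that influence the build. The variable list, the file names and the sample snapshots are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: compare build-relevant environment captured in two contexts.
# Each snapshot file holds KEY=VALUE lines, e.g. from `env | sort > shell.env`
# in a terminal and the same command run by the server process (node.env).

# Variables that can change what is compiled and therefore analyzed
# (assumed list; extend it for your build system).
BUILD_VARS="CC CXX PATH CFLAGS CXXFLAGS CPPFLAGS LDFLAGS HOME USER"

# get_var FILE NAME: print the value of NAME in snapshot FILE (empty if unset).
get_var() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# env_diff FILE_A FILE_B: print NAME<TAB>value_in_A<TAB>value_in_B
# for every build-relevant variable whose value differs.
env_diff() {
    for name in $BUILD_VARS; do
        a=$(get_var "$1" "$name")
        b=$(get_var "$2" "$name")
        if [ "$a" != "$b" ]; then
            printf '%s\t%s\t%s\n' "$name" "${a:-<unset>}" "${b:-<unset>}"
        fi
    done
}

# sample_diff: run env_diff over two constructed snapshots.
# A differing PATH can resolve `clang` to a different binary, and a
# differing CC changes which compiler the analyzer wrapper forwards to.
sample_diff() {
    dir=$(mktemp -d)
    printf '%s\n' 'CC=gcc' 'HOME=/home/dev' \
        'PATH=/usr/local/bin:/usr/bin:/bin' 'USER=dev' > "$dir/shell.env"
    printf '%s\n' 'HOME=/home/dev' \
        'PATH=/usr/bin:/bin' 'USER=dev' > "$dir/node.env"
    env_diff "$dir/shell.env" "$dir/node.env"
    rm -rf "$dir"
}

sample_diff
```

Values that span several lines in the `env` output are not handled; only the first line of each variable is compared.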