Static analysis and Adium

After seeing the earlier email about static analysis being run on Adium I emailed our development list about making use of it. The result so far has been http://trac.adiumx.com/wiki/StaticAnalysis, which we'll be updating as we go through the reports. Augie is also doing another run using checker-55 since that report is from -47. So far this is pretty awesome :) I've fixed one leak and confirmed two in almost no time. This evening I'm going to go down the updated list in detail. Hopefully once we get comments on the false positives it'll be useful for improving the heuristics.

          David Smith

Hi David,

This is great news. It really gladdens me that people are finding the tool to be useful.

Right now I'm looking at a few of the false positives in the list of warnings flagged for Adium. Some of them look like they are due to things that we are not tracking (and will hopefully eventually track), while others look like things we should handle right now. It's really helpful for me to see what reports are classified as false positives, as it gives me a systematic way to find bugs and shortcomings in the analyzer and eliminate them.

It's also clear that the diagnostics still need significant improvement, especially with respect to null pointer dereferences. Beyond improving the precision of the analyzer, improving its output is also high on the todo list. (so any suggestions are welcome!)

Finally, if you have feature requests for other bugs to check for, please email cfe-dev or file a bugzilla report.

Ted

> dereferences. Beyond improving the precision of the analyzer,
> improving its output is also high on the todo list. (so any
> suggestions are welcome!)

Add links to descriptions. E.g., someone who first visits this page
sees "Dead store on ...". I can imagine that only a few people
know what a dead store actually is.

Agreed. That's an excellent suggestion.

I would like to see the output sorted by source file. For instance, if MyClass.m has 5 memory leaks reported then these leaks should all be next to one another so I don't have to hunt back and forth between files. And/or you could make the table of results sortable by column.

Todd Ransom
StoryMill & Montage Development
Mariner Software

Hi Todd,

The table of results should already be sortable by column. Is this not working for you? We use the sorttable.js script found at:

   sorttable: Make all your tables sortable

This only works if the sorttable.js is in the same directory as the index.html that lists the set of warnings (scan-build copies this file over by default).

Ted

Hi Todd,

BTW, after I sent my last email, I realized that you may have been referring to the table on the Adium wiki:

http://trac.adiumx.com/wiki/StaticAnalysis

This table was not produced by the static analysis tool.

The tool itself produces an index.html (not shown) that contains a table of warnings whose columns can be sorted with a mouse click. That table has a less polished look than the one in the wiki. If you are interested in getting the static analysis results on Adium where you can sort the results, you can easily just rerun the tool.

If anyone is interested in making the tool’s output more polished, patches are certainly welcome. I don’t pretend to be an HTML guru.

Ted

No, I was talking about the table produced by the scan-build command line interface. I see now that it is sortable. It might be nice to provide some visual indicator of that. The default table sort seems to be by bug type. If you added a sort indicator to that column by default it would be more obvious the table is sortable.

thanks,

Todd Ransom
StoryMill & Montage Development
Mariner Software

Thanks for the suggestion Todd! Do you have an idea of what would be a good sort indicator? I do work at Apple, but I'm an analysis guy, not a GUI engineer. I would be happy to put in any changes that make the output easier to use.

Best,
Ted

There is a sort indicator that appears when you click on one of the column headers so you could use that one. I am not an HTML guy, either, so I can't tell where the image is coming from (I don't see it when viewing source). Maybe if you specify a default sort it will show up magically :)

Todd Ransom
StoryMill & Montage Development
Mariner Software

Done:

http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20080707/006406.html

This fix will be incorporated in the next checker build.

Thanks for the feedback Todd!

> If anyone is interested in making the tool's output more
> polished, patches are certainly welcome. I don't pretend to
> be an HTML guru.

I'm not actually sure if the analysis tool should produce HTML at
all. Maybe you simply produce text or XML as output. People can
then write their own tools to make a nice web page out of that,
if they prefer. Or if they prefer to use "grep", it would be OK
then, too :)

This would allow you to focus on analysis (which you're good at)
and let others do the HTML things, if they need it.

The HTML output is generated by HTMLDiagnostics, a subclass of PathDiagnosticClient that appears in the Driver. The analysis engine just knows that it is interacting with a PathDiagnosticClient, and has no knowledge that the reports are being blasted to HTML. This decoupling between presentation of bug reports and the generation of bug reports is intentional so that bug reports can be displayed or processed in multiple ways.

If there is interest in doing XML or text output, all one would need to do is implement a new PathDiagnosticClient (and put it in the Driver).

Patches welcome!

Ted
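
The decoupling described in the message above, as an added C++ sketch that is not clang's code and not part of the original thread: `Report`, `ReportClient`, `TextClient`, `XMLClient` and `runAnalysis` are hypothetical names standing in for the roles of the diagnostic client interface and the analysis engine, and the two findings are constructed. The XML client escapes markup characters, since report messages can quote source text.

```cpp
#include <sstream>
#include <string>
// Constructed, simplified bug record (not clang's PathDiagnostic).
struct Report { std::string file; unsigned line; std::string type, msg; };

// Hypothetical stand-in for the role PathDiagnosticClient plays (not clang's API).
struct ReportClient {
  virtual ~ReportClient() = default;
  virtual void handle(const Report &r) = 0;
  virtual std::string finish() = 0;
};

struct TextClient : ReportClient {  // one grep-friendly line per report
  std::ostringstream os;
  void handle(const Report &r) override {
    os << r.file << ':' << r.line << ": " << r.type << ": " << r.msg << '\n';
  }
  std::string finish() override { return os.str(); }
};

// Escape markup characters so source text quoted in a message stays data.
static std::string xmlEscape(const std::string &s) {
  std::string out;
  for (char c : s)
    if (c == '&') out += "&amp;";
    else if (c == '<') out += "&lt;";
    else if (c == '>') out += "&gt;";
    else if (c == '"') out += "&quot;";
    else out += c;
  return out;
}

struct XMLClient : ReportClient {
  std::ostringstream os;
  void handle(const Report &r) override {
    os << "<bug file=\"" << xmlEscape(r.file) << "\" line=\"" << r.line << "\" type=\""
       << xmlEscape(r.type) << "\">" << xmlEscape(r.msg) << "</bug>\n";
  }
  std::string finish() override { return "<bugs>\n" + os.str() + "</bugs>\n"; }
};

// The analysis side: emits reports without knowing how they are rendered.
std::string runAnalysis(ReportClient &client) {
  const Report found[] = {  // constructed sample findings
      {"Alpha.m", 12, "Dead store", "value from 'n < max && ok' stored to 'r' is never read"},
      {"Zeta.m", 40, "Memory leak", "object allocated on line 38 is never released"}};
  for (const Report &r : found) client.handle(r);
  return client.finish();
}
```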

I'm gonna work on an XML output. Is anyone interested in doing such a thing too?

Hi Jean-Daniel,

That's great! BTW, the PathDiagnosticClient is an evolving interface, and I'm completely fine with modifying it to make the world a better place. I'll make some changes to the Driver to make it easier to hook up different PathDiagnosticClients to AnalysisConsumer (the ASTConsumer that drives the different static analysis passes) besides just the current HTMLDiagnostics.

Ted