CodeChecker: running the analyzer from the command line+ +
Basic Usage+ +
+Install CodeChecker as described here: CodeChecker Install Guide. ++ +
+Create a compilation database. If you use cmake then pass the -DCMAKE_EXPORT_COMPILE_COMMANDS=1 parameter to cmake. Cmake will create a compile_commands.json file. +If you have a Makefile based or similar build system then you can log the build commands with the help of CodeChecker: +
+make clean +CodeChecker log -b "make" -o compile_commands.json ++ + +
+Analyze your project. +
+CodeChecker analyze compile_commands.json -o ./reports ++ + +
+View the analysis results. +Print the detailed results in the command line: +
+CodeChecker parse --print-steps ./reports ++Or view the detailed results in a browser: +
+CodeChecker parse ./reports -e html -o ./reports_html +firefox ./reports_html/index.html ++ + +
+Optional: store the analysis results in a DB. +
+mkdir ./ws +CodeChecker server -w ./ws -v 8555 & +CodeChecker store ./reports --name my-project --url http://localhost:8555/Default ++ + +
+Optional: manage (categorize, suppress) the results in your web browser: +
+firefox http://localhost:8555/Default ++ + +
Detailed Usage+ +
+For extended documentation please refer to the official site of CodeChecker! +diff --git a/clang/www/analyzer/command-line.html b/clang/www/analyzer/command-line.html new file mode 100644 index 0000000..e536a77 --- /dev/null +++ b/clang/www/analyzer/command-line.html @@ -0,0 +1,67 @@ + + + +
Running the analyzer from the command line+ +
Static Analyzer is by design a GUI tool. Its purpose is to find buggy execution +paths in the program, and such paths are very hard to comprehend by looking at +a non-interactive standard output. It is possible, however, to invoke the +Static Analyzer from the command line in order to obtain analysis results, and +then later view them interactively in a graphical interface. The following +tools are used commonly to run the analyzer from the command line. Both tools +are wrapper scripts to drive the analysis and the underlying invocations of the +Clang compiler: +
- Scan-Build + is an old and simple command-line tool that emits static analyzer warnings as HTML files while compiling your project. You can view the analysis results in your web browser. + +
- + Useful for individual developers who simply want to view static analysis results at their desk, or in a very simple collaborative environment. + +
- + Works on all major platforms (Windows, Linux, macOS) and is available as a package in many Linux distributions. + +
- + Does not include support for cross-translation-unit analysis. + +
- + Perfect for managing large amounts of Static Analyzer warnings in a collaborative environment. + +
- + Generally much more feature-rich than scan-build. + +
- Supports incremental analysis: Results can be stored in a database, subsequent analysis runs can be compared to list the newly added defects. +
- Cross Translation Unit (CTU) analysis is supported fully on Linux via CodeChecker. +
- Can run clang-tidy checkers too. +
- Open source, but out-of-tree, i.e. not part of the LLVM project. +
Clang Static Analyzer
The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.-
The analyzer is 100% open source and is part of the Clang project. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.
Viewing static analyzer results in Xcode
Viewing static analyzer results in a web browser
What is Static Analysis?
The term "static analysis" is conflated, but here we use it to mean a collection of algorithms and techniques used to analyze source code in order to automatically find bugs. The idea is similar in spirit to compiler warnings (which can be useful for finding coding errors) but to take that idea a step further and find bugs that are traditionally found using run-time debugging techniques such as testing.
Static analysis bug-finding tools have evolved over the last several decades from basic syntactic checkers to those that find deep bugs by reasoning about the semantics of code. The goal of the Clang Static Analyzer is to provide a industrial-quality static analysis framework for analyzing C, C++, and Objective-C programs that is freely available, extensible, and has a high quality of implementation.
Part of Clang and LLVM
As its name implies, the Clang Static Analyzer is built on top of Clang and LLVM. Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of reusable C++ libraries for building powerful source-level tools. The static analysis engine used by the Clang Static Analyzer is a Clang library, and has the capability to be reused in different contexts and by different clients.
Important Points to Consider
While we believe that the static analyzer is already very useful for finding bugs, we ask you to bear in mind a few points when using it.
The analyzer is a continuous work-in-progress. There are many planned enhancements to improve both the precision and scope of its analysis algorithms as well as the kinds of bugs it will find. While there are fundamental limitations to what static analysis can do, we have a long way to go before hitting that wall.
Slower than Compilation
Operationally, using static analysis to automatically find deep program bugs is about trading CPU time for the hardening of code. Because of the deep analysis performed by state-of-the-art static analysis tools, static analysis can be much slower than compilation.
While the Clang Static Analyzer is being designed to be as fast and light-weight as possible, please do not expect it to be as fast as compiling a program (even with optimizations enabled). Some of the algorithms needed to find bugs require in the worst case exponential time.
The Clang Static Analyzer runs in a reasonable amount of time by both bounding the amount of checking work it will do as well as using clever algorithms to reduce the amount of work it must do to find bugs.
Static analysis is not perfect. It can falsely flag bugs in a program where the code behaves correctly. Because some code checks require more analysis precision than others, the frequency of false positives can vary widely between different checks. Our long-term goal is to have the analyzer have a low false positive rate for most code on all checks.
Please help us in this endeavor by reporting false positives. False positives cannot be addressed unless we know about them.
Static analysis is not magic; a static analyzer can only find bugs that it has been specifically engineered to find. If there are specific kinds of bugs you would like the Clang Static Analyzer to find, please feel free to file feature requests or contribute your own patches.