How to make the Clang Static Analyzer output its working from command line?

Question

I\'m running Clang 3.4 on Ubuntu 12.10 (from http://llvm.org/apt/). I ran the analyzer (clang --analyze) over some code, and it found a couple of issues:

Bla         


        

Answer 1

You have to use scanbuild: http://clang-analyzer.llvm.org/scan-build.html

You type the commands that generate your build, but you pre-pend them with scan-build.

Example: instead of

make

type

scan-build make

instead of

./configure
make

type

scan-build ./configure
scan-build make

Clear the build before launching the analyzer, otherwise make will state that everything has been built already and the analyzer will not run.

Answer 2

In addition to text output on the console:

clang++ --analyze -Xanalyzer -analyzer-output=text main.cpp

You can get the full html output:

clang++ --analyze -Xanalyzer -analyzer-output=html -o html-dir main.cpp

Additionally, you can select specific checkers to enable. This page lists available checks. For example, you can enable all of the C++ checks in the alpha group using the flags:

-Xanalyzer -analyzer-checker=alpha.cplusplus

http://coliru.stacked-crooked.com/a/7746c4004704d4a7

main.cpp:5:1: warning: Potential leak of memory pointed to by 'x'
}
^
main.cpp:4:12: note: Memory is allocated
  int *x = new int;
           ^~~~~~~
main.cpp:5:1: note: Potential leak of memory pointed to by 'x'
}
^

---

Apparently the front end exposes

-analyzer-config <Option Name>=<Value>

E.g.

-analyzer-config -analyzer-checker=alpha.cplusplus

which might be better supported than -Xanalyzer and may be getting extended to support options to individual checkers: http://lists.cs.uiuc.edu/pipermail/cfe-dev/2014-October/039552.html

Answer 3

You are on the right track, but to get the full trace leading to a bug you additionally need to ask clang for output in text format (don't ask why). Since you will probably need to adjust e.g. include paths or defines for your project anyway I'd suggest you use clang-check which acts as a wrapper around clang's analyzer pass. It can also hook into the static analyzer tools exposed in e.g. scan-build. You can then

$ clang-check -analyze -extra-arg -Xclang -extra-arg -analyzer-output=text

Like you wrote the documentation for these very nice tools is abysmal. I cobbled above call together from bits and pieces from Chandler Carruth's GoingNative2013 talk.