clang-static-analyzer

I have enabled the static analyzer, but it is telling me that at the end of that execution path that object didn't get released, hence possibly causing a memory leak. I am however passing that reference to the created object to another class which will release it. I was wondering if there is a method or keyword to tell the compiled that I will release this object later. I am looking for something like the auto-release. By the way, I am using ARC. I create the object like this: CGMutablePathRef pathRef = CGPathCreateMutable(); And pass it like this: self.flowView.pathToDraw = pathRef; In my

I have a very simple C program with a potential buffer overflow using strcpy : #include <string.h> #include <stdio.h> void buffer_overflow(char* dst, const char* src) { strcpy(dst, src); } int main(int argc, char** argv) { if(argc == 2) { char buffer[16] = {0}; buffer_overflow(buffer, argv[1]); printf("[%d]: %s", (int)strlen(buffer), buffer); } return 0; } Neither clang static analyzer (using scan-build gcc -O0 -g3 -gdwarf-2 ) nor cppcheck (using cppcheck --enable=warning,style ) find this as an issue. Am I just asking too much from my static analysis tools? I can't speak for the quality of

I would like to make compilation fail for some function call but not others. The function call that I want to fail are those that do not handle return values when the value is of a certain type. In the example below, not handling a function returning Error is a compilation error but not handling a function that returns anything else should succeed just fine. Note: our runtime environment (embedded) does not allow us to use the following constructs: RTTI, exceptions. This code only needs to compiler with Clang, I would prefer not having to annotate each function. We prefer a solution that fails

I'm trying to use make use of clang-tidy integration with cmake and I'd like to pass the -check argument. I've tried adding -DCMAKE_CXX_CLANG_TIDY="/usr/local/opt/llvm38/bin/clang-tidy-3.8;-checks=*" when invoking cmake, but my makefile commands end-up looking like: /usr/local/Cellar/cmake/3.6.2/bin/cmake -E __run_iwyu --tidy="/usr/local/opt/llvm38/bin/clang-tidy-3.8;-checks=*" --source=/Users/ellery/work/..... in other words, it seems like the ; separated args are not being parsed apart. I've also tried setting the target property CXX_CLANG_TIDY directly on my target with the same value and I

I just installed ClangOnWin ,and I'm trying to get clang-tidy 's "modernize" checks to work. Unfortunately, clang-tidy doesn't seem to know about them: clang-tidy -list-checks foo.cpp -- | grep modernize produces no output. The "modernize" checks are listed here , but that page seems to document Clang 3.8, and the version I have installed is 3.7. However, version 3.7 is the current one listed at the LLVM Download Page . clang-tidy knows about a variety of security checks, so I think I have it installed correctly. For example, clang-tidy -list-checks foo.cpp -- | grep security yields this: