summaryrefslogtreecommitdiffstats
path: root/tools/scan-build
diff options
context:
space:
mode:
Diffstat (limited to 'tools/scan-build')
-rwxr-xr-xtools/scan-build/ccc-analyzer21
-rwxr-xr-xtools/scan-build/scan-build213
-rw-r--r--tools/scan-build/scan-build.1348
-rwxr-xr-xtools/scan-build/set-xcode-analyzer6
4 files changed, 521 insertions, 67 deletions
diff --git a/tools/scan-build/ccc-analyzer b/tools/scan-build/ccc-analyzer
index d01bd0f..c7636f9 100755
--- a/tools/scan-build/ccc-analyzer
+++ b/tools/scan-build/ccc-analyzer
@@ -182,11 +182,6 @@ sub Analyze {
}
else {
$Cmd = $Clang;
- if ($Lang eq "objective-c" || $Lang eq "objective-c++") {
- push @Args,'-DIBOutlet=__attribute__((iboutlet))';
- push @Args,'-DIBOutletCollection(ClassName)=__attribute__((iboutletcollection)))';
- push @Args,'-DIBAction=void)__attribute__((ibaction)';
- }
# Create arguments for doing regular parsing.
my $SyntaxArgs = GetCCArgs("-fsyntax-only", \@Args);
@@ -352,6 +347,8 @@ my %LinkerOptionMap = (
my %CompilerLinkerOptionMap = (
'-fobjc-arc' => 0,
'-fobjc-abi-version' => 0, # This is really a 1 argument, but always has '='
+ '-fobjc-legacy-dispatch' => 0,
+ '-mios-simulator-version-min' => 0, # This really has 1 argument, but always has '='
'-isysroot' => 1,
'-arch' => 1,
'-m32' => 0,
@@ -434,12 +431,18 @@ if ($Status) { exit($Status >> 8); }
# Get the analysis options.
my $Analyses = $ENV{'CCC_ANALYZER_ANALYSIS'};
+# Get the plugins to load.
+my $Plugins = $ENV{'CCC_ANALYZER_PLUGINS'};
+
# Get the store model.
my $StoreModel = $ENV{'CCC_ANALYZER_STORE_MODEL'};
# Get the constraints engine.
my $ConstraintsModel = $ENV{'CCC_ANALYZER_CONSTRAINTS_MODEL'};
+#Get the internal stats setting.
+my $InternalStats = $ENV{'CCC_ANALYZER_INTERNAL_STATS'};
+
# Get the output format.
my $OutputFormat = $ENV{'CCC_ANALYZER_OUTPUT_FORMAT'};
if (!defined $OutputFormat) { $OutputFormat = "html"; }
@@ -644,11 +647,19 @@ if ($Action eq 'compile' or $Action eq 'link') {
if (defined $ConstraintsModel) {
push @AnalyzeArgs, "-analyzer-constraints=$ConstraintsModel";
}
+
+ if (defined $InternalStats) {
+ push @AnalyzeArgs, "-analyzer-stats";
+ }
if (defined $Analyses) {
push @AnalyzeArgs, split '\s+', $Analyses;
}
+ if (defined $Plugins) {
+ push @AnalyzeArgs, split '\s+', $Plugins;
+ }
+
if (defined $OutputFormat) {
push @AnalyzeArgs, "-analyzer-output=" . $OutputFormat;
if ($OutputFormat =~ /plist/) {
diff --git a/tools/scan-build/scan-build b/tools/scan-build/scan-build
index 59b0baf..65c4893 100755
--- a/tools/scan-build/scan-build
+++ b/tools/scan-build/scan-build
@@ -28,7 +28,7 @@ my $BuildName;
my $BuildDate;
my $TERM = $ENV{'TERM'};
-my $UseColor = (defined $TERM and $TERM eq 'xterm-color' and -t STDOUT
+my $UseColor = (defined $TERM and $TERM =~ 'xterm-.*color' and -t STDOUT
and defined $ENV{'SCAN_BUILD_COLOR'});
my $UserName = HtmlEscape(getpwuid($<) || 'unknown');
@@ -36,6 +36,7 @@ my $HostName = HtmlEscape(hostname() || 'unknown');
my $CurrentDir = HtmlEscape(getcwd());
my $CurrentDirSuffix = basename($CurrentDir);
+my @PluginsToLoad;
my $CmdArgs;
my $HtmlTitle;
@@ -77,6 +78,21 @@ sub DieDiag {
}
##----------------------------------------------------------------------------##
+# Print default checker names
+##----------------------------------------------------------------------------##
+
+if (grep /^--help-checkers$/, @ARGV) {
+ my @options = qx($0 -h);
+ foreach (@options) {
+ next unless /^ \+/;
+ s/^\s*//;
+ my ($sign, $name, @text) = split ' ', $_;
+ print $name, $/ if $sign eq '+';
+ }
+ exit 1;
+}
+
+##----------------------------------------------------------------------------##
# Some initial preprocessing of Clang options.
##----------------------------------------------------------------------------##
@@ -91,13 +107,16 @@ if (!defined $ClangSB || ! -x $ClangSB) {
$Clang = `which clang`;
chomp $Clang;
if ($Clang eq "") {
- DieDiag("No 'clang' executable found in path.");
+ DieDiag("No 'clang' executable found in path.\n");
}
}
else {
$Clang = $ClangSB;
}
-my $ClangCXX = $Clang . "++";
+my $ClangCXX = $Clang;
+$ClangCXX =~ s/\-\d+\.\d+$//;
+$ClangCXX .= "++";
+my $ClangVersion = HtmlEscape(`$Clang --version`);
##----------------------------------------------------------------------------##
# GetHTMLRunDir - Construct an HTML directory name for the current sub-run.
@@ -590,6 +609,7 @@ function ToggleDisplay(CheckButton, ClassName) {
<tr><th>User:</th><td>${UserName}\@${HostName}</td></tr>
<tr><th>Working Directory:</th><td>${CurrentDir}</td></tr>
<tr><th>Command Line:</th><td>${CmdArgs}</td></tr>
+<tr><th>Clang Version:</th><td>${ClangVersion}</td></tr>
<tr><th>Date:</th><td>${Date}</td></tr>
ENDTEXT
@@ -848,19 +868,87 @@ sub AddIfNotPresent {
}
}
-sub RunBuildCommand {
+sub SetEnv {
+ my $Options = shift @_;
+ foreach my $opt ('CC', 'CXX', 'CLANG', 'CLANG_CXX',
+ 'CCC_ANALYZER_ANALYSIS', 'CCC_ANALYZER_PLUGINS') {
+ die "$opt is undefined\n" if (!defined $opt);
+ $ENV{$opt} = $Options->{$opt};
+ }
+ foreach my $opt ('CCC_ANALYZER_STORE_MODEL',
+ 'CCC_ANALYZER_PLUGINS',
+ 'CCC_ANALYZER_INTERNAL_STATS',
+ 'CCC_ANALYZER_OUTPUT_FORMAT') {
+ my $x = $Options->{$opt};
+ if (defined $x) { $ENV{$opt} = $x }
+ }
+ my $Verbose = $Options->{'VERBOSE'};
+ if ($Verbose >= 2) {
+ $ENV{'CCC_ANALYZER_VERBOSE'} = 1;
+ }
+ if ($Verbose >= 3) {
+ $ENV{'CCC_ANALYZER_LOG'} = 1;
+ }
+}
+
+sub RunXcodebuild {
+ my $Args = shift;
+ my $IgnoreErrors = shift;
+ my $CCAnalyzer = shift;
+ my $CXXAnalyzer = shift;
+ my $Options = shift;
+
+ if ($IgnoreErrors) {
+ AddIfNotPresent($Args,"-PBXBuildsContinueAfterErrors=YES");
+ }
+
+ # Default to old behavior where we insert a bogus compiler.
+ SetEnv($Options);
+
+ # Check if using iPhone SDK 3.0 (simulator). If so the compiler being
+ # used should be gcc-4.2.
+ if (!defined $ENV{"CCC_CC"}) {
+ for (my $i = 0 ; $i < scalar(@$Args); ++$i) {
+ if ($Args->[$i] eq "-sdk" && $i + 1 < scalar(@$Args)) {
+ if (@$Args[$i+1] =~ /^iphonesimulator3/) {
+ $ENV{"CCC_CC"} = "gcc-4.2";
+ $ENV{"CCC_CXX"} = "g++-4.2";
+ }
+ }
+ }
+ }
+
+ # Disable PCH files until clang supports them.
+ AddIfNotPresent($Args,"GCC_PRECOMPILE_PREFIX_HEADER=NO");
+ # When 'CC' is set, xcodebuild uses it to do all linking, even if we are
+ # linking C++ object files. Set 'LDPLUSPLUS' so that xcodebuild uses 'g++'
+ # (via c++-analyzer) when linking such files.
+ $ENV{"LDPLUSPLUS"} = $CXXAnalyzer;
+
+ return (system(@$Args) >> 8);
+}
+
+sub RunBuildCommand {
my $Args = shift;
my $IgnoreErrors = shift;
my $Cmd = $Args->[0];
my $CCAnalyzer = shift;
my $CXXAnalyzer = shift;
+ my $Options = shift;
# Get only the part of the command after the last '/'.
if ($Cmd =~ /\/([^\/]+)$/) {
$Cmd = $1;
}
+ if ($Cmd eq "xcodebuild") {
+ return RunXcodebuild($Args, $IgnoreErrors, $CCAnalyzer, $CXXAnalyzer, $Options);
+ }
+
+ # Setup the environment.
+ SetEnv($Options);
+
if ($Cmd =~ /(.*\/?gcc[^\/]*$)/ or
$Cmd =~ /(.*\/?cc[^\/]*$)/ or
$Cmd =~ /(.*\/?llvm-gcc[^\/]*$)/ or
@@ -892,34 +980,8 @@ sub RunBuildCommand {
AddIfNotPresent($Args,"-k");
AddIfNotPresent($Args,"-i");
}
- elsif ($Cmd eq "xcodebuild") {
- AddIfNotPresent($Args,"-PBXBuildsContinueAfterErrors=YES");
- }
}
-
- if ($Cmd eq "xcodebuild") {
- # Check if using iPhone SDK 3.0 (simulator). If so the compiler being
- # used should be gcc-4.2.
- if (!defined $ENV{"CCC_CC"}) {
- for (my $i = 0 ; $i < scalar(@$Args); ++$i) {
- if ($Args->[$i] eq "-sdk" && $i + 1 < scalar(@$Args)) {
- if (@$Args[$i+1] =~ /^iphonesimulator3/) {
- $ENV{"CCC_CC"} = "gcc-4.2";
- $ENV{"CCC_CXX"} = "g++-4.2";
- }
- }
- }
- }
- # Disable PCH files until clang supports them.
- AddIfNotPresent($Args,"GCC_PRECOMPILE_PREFIX_HEADER=NO");
-
- # When 'CC' is set, xcodebuild uses it to do all linking, even if we are
- # linking C++ object files. Set 'LDPLUSPLUS' so that xcodebuild uses 'g++'
- # (via c++-analyzer) when linking such files.
- $ENV{"LDPLUSPLUS"} = $CXXAnalyzer;
- }
-
return (system(@$Args) >> 8);
}
@@ -1007,7 +1069,8 @@ ADVANCED OPTIONS:
-maxloop N - specifiy the number of times a block can be visited before giving
up. Default is 4. Increase for more comprehensive coverage at a
cost of speed.
-
+ -internal-stats - Generate internal analyzer statistics.
+
CONTROLLING CHECKERS:
A default group of checkers are always run unless explicitly disabled.
@@ -1015,9 +1078,23 @@ CONTROLLING CHECKERS:
-enable-checker [checker name]
-disable-checker [checker name]
+
+LOADING CHECKERS:
+
+ Loading external checkers using the clang plugin interface:
+
+ -load-plugin [plugin library]
ENDTEXT
# Query clang for list of checkers that are enabled.
+
+# create a list to load the plugins via the 'Xclang' command line
+# argument
+my @PluginLoadCommandline_xclang;
+foreach my $param ( @PluginsToLoad ) {
+ push ( @PluginLoadCommandline_xclang, "-Xclang" );
+ push ( @PluginLoadCommandline_xclang, $param );
+}
my %EnabledCheckers;
foreach my $lang ("c", "objective-c", "objective-c++", "c++") {
pipe(FROM_CHILD, TO_PARENT);
@@ -1026,7 +1103,7 @@ foreach my $lang ("c", "objective-c", "objective-c++", "c++") {
close FROM_CHILD;
open(STDOUT,">&", \*TO_PARENT);
open(STDERR,">&", \*TO_PARENT);
- exec $Clang, ('--analyze', '-x', $lang, '-', '-###');
+ exec $Clang, ( @PluginLoadCommandline_xclang, '--analyze', '-x', $lang, '-', '-###');
}
close(TO_PARENT);
while(<FROM_CHILD>) {
@@ -1048,7 +1125,7 @@ if ($pid == 0) {
close FROM_CHILD;
open(STDOUT,">&", \*TO_PARENT);
open(STDERR,">&", \*TO_PARENT);
- exec $Clang, ('-cc1', '-analyzer-checker-help');
+ exec $Clang, ('-cc1', @PluginsToLoad , '-analyzer-checker-help');
}
close(TO_PARENT);
my $foundCheckers = 0;
@@ -1084,7 +1161,9 @@ else {
if ($EnabledCheckers{$aggregate}) {
$enabled =1;
last;
- }
+ }
+ # append a dot, if an additional domain is added in the next iteration
+ $aggregate .= ".";
}
if ($enabled) {
@@ -1160,6 +1239,7 @@ my $ExitStatusFoundBugs = 0; # Exit status reflects whether bugs were found
my @AnalysesToRun;
my $StoreModel;
my $ConstraintsModel;
+my $InternalStats;
my $OutputFormat = "html";
my $AnalyzerStats = 0;
my $MaxLoop = 0;
@@ -1291,6 +1371,12 @@ while (@ARGV) {
$ConstraintsModel = shift @ARGV;
next;
}
+
+ if ($arg eq "-internal-stats") {
+ shift @ARGV;
+ $InternalStats = 1;
+ next;
+ }
if ($arg eq "-plist") {
shift @ARGV;
@@ -1327,7 +1413,12 @@ while (@ARGV) {
push @AnalysesToRun, "-analyzer-disable-checker", shift @ARGV;
next;
}
-
+ if ($arg eq "-load-plugin") {
+ shift @ARGV;
+ push @PluginsToLoad, "-load", shift @ARGV;
+ next;
+ }
+
DieDiag("unrecognized option '$arg'\n") if ($arg =~ /^-/);
last;
@@ -1371,42 +1462,42 @@ if (!defined $ClangSB || ! -x $ClangSB) {
Diag("Using 'clang' from path: $Clang\n");
}
-# Set the appropriate environment variables.
SetHtmlEnv(\@ARGV, $HtmlDir);
-$ENV{'CC'} = $Cmd;
-$ENV{'CXX'} = $CmdCXX;
-$ENV{'CLANG'} = $Clang;
-$ENV{'CLANG_CXX'} = $ClangCXX;
-if ($Verbose >= 2) {
- $ENV{'CCC_ANALYZER_VERBOSE'} = 1;
-}
-if ($Verbose >= 3) {
- $ENV{'CCC_ANALYZER_LOG'} = 1;
-}
-if ($AnalyzeHeaders) {
- push @AnalysesToRun,"-analyzer-opt-analyze-headers";
-}
-if ($AnalyzerStats) {
- push @AnalysesToRun, '-analyzer-checker', 'debug.Stats';
-}
-if ($MaxLoop > 0) {
- push @AnalysesToRun, '-analyzer-max-loop ' . $MaxLoop;
-}
-
-$ENV{'CCC_ANALYZER_ANALYSIS'} = join ' ',@AnalysesToRun;
+if ($AnalyzeHeaders) { push @AnalysesToRun,"-analyzer-opt-analyze-headers"; }
+if ($AnalyzerStats) { push @AnalysesToRun, '-analyzer-checker=debug.Stats'; }
+if ($MaxLoop > 0) { push @AnalysesToRun, '-analyzer-max-loop=$MaxLoop'; }
+
+# Delay setting up other environment variables in case we can do true
+# interposition.
+my $CCC_ANALYZER_ANALYSIS = join ' ',@AnalysesToRun;
+my $CCC_ANALYZER_PLUGINS = join ' ',@PluginsToLoad;
+my %Options = (
+ 'CC' => $Cmd,
+ 'CXX' => $CmdCXX,
+ 'CLANG' => $Clang,
+ 'CLANG_CXX' => $ClangCXX,
+ 'VERBOSE' => $Verbose,
+ 'CCC_ANALYZER_ANALYSIS' => $CCC_ANALYZER_ANALYSIS,
+ 'CCC_ANALYZER_PLUGINS' => $CCC_ANALYZER_PLUGINS,
+ 'OUTPUT_DIR' => $HtmlDir
+);
if (defined $StoreModel) {
- $ENV{'CCC_ANALYZER_STORE_MODEL'} = $StoreModel;
+ $Options{'CCC_ANALYZER_STORE_MODEL'} = $StoreModel;
}
if (defined $ConstraintsModel) {
- $ENV{'CCC_ANALYZER_CONSTRAINTS_MODEL'} = $ConstraintsModel;
+ $Options{'CCC_ANALYZER_CONSTRAINTS_MODEL'} = $ConstraintsModel;
+}
+if (defined $InternalStats) {
+ $Options{'CCC_ANALYZER_INTERNAL_STATS'} = 1;
}
if (defined $OutputFormat) {
- $ENV{'CCC_ANALYZER_OUTPUT_FORMAT'} = $OutputFormat;
+ $Options{'CCC_ANALYZER_OUTPUT_FORMAT'} = $OutputFormat;
}
# Run the build.
-my $ExitStatus = RunBuildCommand(\@ARGV, $IgnoreErrors, $Cmd, $CmdCXX);
+my $ExitStatus = RunBuildCommand(\@ARGV, $IgnoreErrors, $Cmd, $CmdCXX,
+ \%Options);
if (defined $OutputFormat) {
if ($OutputFormat =~ /plist/) {
diff --git a/tools/scan-build/scan-build.1 b/tools/scan-build/scan-build.1
new file mode 100644
index 0000000..0f43196
--- /dev/null
+++ b/tools/scan-build/scan-build.1
@@ -0,0 +1,348 @@
+.\" This file is distributed under the University of Illinois Open Source
+.\" License. See LICENSE.TXT for details.
+.\" $Id: scan-build.1 157412 2012-05-24 20:16:00Z kremenek $
+.Dd May 25, 2012
+.Os "clang" "3.1"
+.Dt SCAN-BUILD \&1 CLANG
+.Sh NAME
+.Nm scan-build
+.Nd Clang static analyzer
+.Sh SYNOPSIS
+.Nm
+.Op Fl ohkvV
+.Op Fl analyze-headers
+.Op Fl enable-checker Op Ar checker_name
+.Op Fl disable-checker Op Ar checker_name
+.Op Fl Fl help
+.Op Fl Fl help-checkers
+.Op Fl Fl html-title Op Ar =title
+.Op Fl Fl keep-going
+.Op Fl plist
+.Op Fl plist-html
+.Op Fl Fl status-bugs
+.Op Fl Fl use-c++ Op Ar =compiler_path
+.Op Fl Fl use-cc Op Ar =compiler_path
+.Op Fl Fl view
+.Op Fl constraints Op Ar model
+.Op Fl maxloop Ar N
+.Op Fl no-failure-reports
+.Op Fl stats
+.Op Fl store Op Ar model
+.Ar build_command
+.Op build_options
+.\"
+.\" Sh DESCRIPTION
+.Sh DESCRIPTION
+.Nm
+is a Perl script that invokes the Clang static analyzer. Options used by
+.Nm
+or by the analyzer appear first, followed by the
+.Ar build_command
+and any
+.Ar build_options
+normally used to build the target system.
+.Pp
+The static analyzer employs a long list of checking algorithms, see
+.Sx CHECKERS .
+Output can be written in standard
+.Li .plist
+and/or HTML format.
+.Pp
+The following options are supported:
+.Bl -tag -width indent
+.It Fl analyze-headers
+Also analyze functions in #included files.
+.It Fl enable-checker Ar checker_name , Fl disable-checker Ar checker_name
+Enable/disable
+.Ar checker_name .
+See
+.Sx CHECKERS .
+.It Fl h , Fl Fl help
+Display this message.
+.It Fl Fl help-checkers
+List default checkers, see
+.Sx CHECKERS .
+.It Fl Fl html-title Ns Op = Ns Ar title
+Specify the title used on generated HTML pages.
+A default title is generated if
+.Ar title
+is not specified.
+.It Fl k , Fl Fl keep-going
+Add a
+.Dq keep on going
+option to
+.Ar build_command .
+Currently supports make and xcodebuild. This is a convenience option;
+one can specify this behavior directly using build options.
+.It Fl o
+Target directory for HTML report files. Subdirectories will be
+created as needed to represent separate invocations
+of the analyzer. If this option is not specified, a directory is
+created in /tmp (TMPDIR on Mac OS X) to store the reports.
+.It Fl plist
+Output the results as a set of
+.Li .plist
+files. (By default the output of
+.Nm
+is a set of HTML files.)
+.It Fl plist-html
+Output the results as a set of HTML and .plist files
+.It Fl Fl status-bugs
+Set exit status to 1 if it found potential bugs and 0 otherwise. By
+default the exit status of
+.Nm
+is that returned by
+.Ar build_command .
+.It Fl Fl use-c++ Ns Op = Ns Ar compiler_path
+Guess the default compiler for your C++ and Objective-C++ code. Use this
+option to specify an alternate compiler.
+.It Fl Fl use-cc Ns Op = Ns Ar compiler_path
+Guess the default compiler for your C and Objective-C code. Use this
+option to specify an alternate compiler.
+.It Fl v
+Verbose output from
+.Nm
+and the analyzer. A second and
+third
+.Ar v
+increases verbosity.
+.It Fl V , Fl Fl view
+View analysis results in a web browser when the build completes.
+.It Fl constraints Op Ar model
+Specify the contraint engine used by the analyzer. By default the
+.Ql range
+model is used. Specifying
+.Ql basic
+uses a simpler, less powerful constraint model used by checker-0.160
+and earlier.
+.It Fl maxloop Ar N
+Specifiy the number of times a block can be visited before giving
+up. Default is 4. Increase for more comprehensive coverage at a
+cost of speed.
+.It Fl no-failure-reports
+Do not create a
+.Ql failures
+subdirectory that includes analyzer crash reports and preprocessed
+source files.
+.It Fl stats
+Generates visitation statistics for the project being analyzed.
+.It Fl store Op Ar model
+Specify the store model used by the analyzer. By default, the
+.Ql region
+store model is used.
+.Ql region
+specifies a field-
+sensitive store model. Users can also specify
+.Ql basic
+which is far less precise but can more quickly analyze code.
+.Ql basic
+was the default store model for checker-0.221 and earlier.
+.\"
+.El
+.Sh RETURN VALUES
+.Nm
+returns the value returned by
+.Ar build_command
+unless
+.Fl Fl status-bugs
+or
+.Fl Fl keep-going
+is used.
+.\"
+.\" Other sections not yet used ...
+.\" .Sh ENVIRONMENT
+.\" .Sh FILES
+.\" .Sh DIAGNOSTICS
+.\" .Sh COMPATIBILITY
+.\" .Sh HISTORY
+.\" .Sh BUGS
+.\"
+.Sh CHECKERS
+The checkers listed below may be enabled/disabled using the
+.Fl enable-checker
+and
+.Fl disable-checker
+options.
+A default group of checkers is run unless explicitly disabled.
+Exactly which checkers constitute the default group is a function
+of the operating system in use; they are listed with
+.Fl Fl help-checkers .
+.Bl -tag -width indent.
+.It core.AdjustedReturnValue
+Check to see if the return value of a function call is different than
+the caller expects (e.g., from calls through function pointers).
+.It core.AttributeNonNull
+Check for null pointers passed as arguments to a function whose arguments are marked with the
+.Ql nonnull
+attribute.
+.It core.CallAndMessage
+Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers).
+.It core.DivideZero
+Check for division by zero.
+.It core.NullDereference
+Check for dereferences of null pointers.
+.It core.StackAddressEscape
+Check that addresses to stack memory do not escape the function.
+.It core.UndefinedBinaryOperatorResult
+Check for undefined results of binary operators.
+.It core.VLASize
+Check for declarations of VLA of undefined or zero size.
+.It core.builtin.BuiltinFunctions
+Evaluate compiler builtin functions, e.g.
+.Fn alloca .
+.It core.builtin.NoReturnFunctions
+Evaluate
+.Ql panic
+functions that are known to not return to the caller.
+.It core.uninitialized.ArraySubscript
+Check for uninitialized values used as array subscripts.
+.It core.uninitialized.Assign
+Check for assigning uninitialized values.
+.It core.uninitialized.Branch
+Check for uninitialized values used as branch conditions.
+.It core.uninitialized.CapturedBlockVariable
+Check for blocks that capture uninitialized values.
+.It core.uninitialized.UndefReturn
+Check for uninitialized values being returned to the caller.
+.It deadcode.DeadStores
+Check for values stored to variables that are never read afterwards.
+.It debug.DumpCFG
+Display Control-Flow Graphs.
+.It debug.DumpCallGraph
+Display Call Graph.
+.It debug.DumpDominators
+Print the dominance tree for a given Control-Flow Graph.
+.It debug.DumpLiveVars
+Print results of live variable analysis.
+.It debug.Stats
+Emit warnings with analyzer statistics.
+.It debug.TaintTest
+Mark tainted symbols as such.
+.It debug.ViewCFG
+View Control-Flow Graphs using
+.Ic GraphViz .
+.It debug.ViewCallGraph
+View Call Graph using
+.Ic GraphViz .
+.It llvm.Conventions
+Check code for LLVM codebase conventions.
+.It osx.API
+Check for proper uses of various Mac OS X APIs.
+.It osx.AtomicCAS
+Evaluate calls to
+.Vt OSAtomic
+functions.
+.It osx.SecKeychainAPI
+Check for proper uses of Secure Keychain APIs.
+.It osx.cocoa.AtSync
+Check for null pointers used as mutexes for @synchronized.
+.It osx.cocoa.ClassRelease
+Check for sending
+.Ql retain ,
+.Ql release,
+or
+.Ql autorelease
+directly to a Class.
+.It osx.cocoa.IncompatibleMethodTypes
+Warn about Objective-C method signatures with type incompatibilities.
+.It osx.cocoa.NSAutoreleasePool
+Warn for suboptimal uses of
+.Vt NSAutoreleasePool
+in Objective-C GC mode.
+.It osx.cocoa.NSError
+Check usage of NSError** parameters.
+.It osx.cocoa.NilArg
+Check for prohibited nil arguments to Objective-C method calls.
+.It osx.cocoa.RetainCount
+Check for leaks and improper reference count management.
+.It osx.cocoa.SelfInit
+Check that
+.Ql self
+is properly initialized inside an initializer method.
+.It osx.cocoa.UnusedIvars
+Warn about private ivars that are never used.
+.It osx.cocoa.VariadicMethodTypes
+Check for passing non-Objective-C types to variadic methods that expect only Objective-C types.
+.It osx.coreFoundation.CFError
+Check usage of CFErrorRef* parameters.
+.It osx.coreFoundation.CFNumber
+Check for proper uses of
+.Fn CFNumberCreate .
+.It osx.coreFoundation.CFRetainRelease
+Check for null arguments to
+.Fn CFRetain
+and
+.Fn CFRelease .
+.It osx.coreFoundation.containers.OutOfBounds
+Checks for index out-of-bounds when using the
+.Vt CFArray
+API.
+.It osx.coreFoundation.containers.PointerSizedValues
+Warns if
+.Vt CFArray ,
+.Vt CFDictionary ,
+or
+.Vt CFSet
+are created with non-pointer-size values.
+.It security.FloatLoopCounter
+Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP).
+.It security.insecureAPI.UncheckedReturn
+Warn on uses of functions whose return values must be always checked.
+.It security.insecureAPI.getpw
+Warn on uses of
+.Fn getpw .
+.It security.insecureAPI.gets
+Warn on uses of
+.Fn gets .
+.It security.insecureAPI.mkstemp
+Warn when
+.Fn mkstemp
+is passed fewer than 6 X's in the format string.
+.It security.insecureAPI.mktemp
+Warn on uses of
+.Fn mktemp .
+.It security.insecureAPI.rand
+Warn on uses of
+.Fn rand ,
+.Fn random ,
+and related functions.
+.It security.insecureAPI.strcpy
+Warn on uses of
+.Fn strcpy
+and
+.Fn strcat .
+.It security.insecureAPI.vfork
+Warn on uses of
+.Fn vfork .
+.It unix.API
+Check calls to various UNIX/Posix functions.
+.It unix.Malloc
+Check for memory leaks, double free, and use-after-free.
+.It unix.cstring.BadSizeArg
+Check the size argument passed into C string functions for common
+erroneous patterns.
+.It unix.cstring.NullArg
+Check for null pointers being passed as arguments to C string functions.
+.El
+.\"
+.Sh EXAMPLE
+.Ic scan-build -o /tmp/myhtmldir make -j4
+.Pp
+The above example causes analysis reports to be deposited into
+a subdirectory of
+.Pa /tmp/myhtmldir
+and to run
+.Ic make
+with the
+.Fl j4
+option.
+A different subdirectory is created each time
+.Nm
+analyzes a project.
+The analyzer should support most parallel builds, but not distributed builds.
+.Sh AUTHORS
+.Nm
+was written by
+.An "Ted Kremenek" .
+Documentation contributed by
+.An "James K. Lowden" Aq jklowden@schemamania.org .
diff --git a/tools/scan-build/set-xcode-analyzer b/tools/scan-build/set-xcode-analyzer
index 06e1d85..c280bb4 100755
--- a/tools/scan-build/set-xcode-analyzer
+++ b/tools/scan-build/set-xcode-analyzer
@@ -75,7 +75,11 @@ def main():
print "(+) Using the Clang bundled with Xcode"
path = options.default
- xcode_path = subprocess.check_output(["xcode-select", "-print-path"])
+ try:
+ xcode_path = subprocess.check_output(["xcode-select", "-print-path"])
+ except AttributeError:
+ # Fall back to the default install location when using Python < 2.7.0
+ xcode_path = "/Developer"
if (re.search("Xcode.app", xcode_path)):
# Cut off the 'Developer' dir, as the xcspec lies in another part
# of the Xcode.app subtree.
OpenPOWER on IntegriCloud