diff options
Diffstat (limited to 'www/StaticAnalysisUsage.html')
-rw-r--r-- | www/StaticAnalysisUsage.html | 274 |
1 files changed, 274 insertions, 0 deletions
diff --git a/www/StaticAnalysisUsage.html b/www/StaticAnalysisUsage.html new file mode 100644 index 0000000..daab89f --- /dev/null +++ b/www/StaticAnalysisUsage.html @@ -0,0 +1,274 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" + "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> + <title>Information on using the Static Analyzer ("Clang Checker")</title> + <link type="text/css" rel="stylesheet" href="menu.css" /> + <link type="text/css" rel="stylesheet" href="content.css" /> + <style> + thead { + background-color:#eee; color:#666666; + font-weight: bold; cursor: default; + text-align:center; + border-top: 2px solid #000000; + border-bottom: 2px solid #000000; + font-weight: bold; font-family: Verdana + } + table { border: 1px #000000 solid } + table { border-collapse: collapse; border-spacing: 0px } + table { margin-left:20px; margin-top:20px; margin-bottom:20px } + td { border-bottom: 1px #000000 dotted } + td { padding:5px; padding-left:8px; padding-right:8px } + td { text-align:left; font-size:9pt } + td.View { padding-left: 10px } + </style> +</head> +<body> + +<!--#include virtual="menu.html.incl"--> + +<div id="content"> + +<h1>Information on using the Static Analyzer</h1> + +<h2 id="Obtaining">Obtaining the Analyzer</h2> + +<p> Using the analyzer involves executing <tt>scan-build</tt> (see <a +href="#BasicUsage">Basic Usage</a>). <tt>scan-build</tt> will first look for a +<tt>clang</tt> executable in the same directory as <tt>scan-build</tt>, and then +search your path.</p> + +<p>If one is using the analyzer directly from the Clang sources, it suffices to +just directly execute <tt>scan-build</tt> in the <tt>utils</tt> directory. No +other special installation is needed.</p> + +<h3>Packaged Builds (Mac OS X)</h3> + +<p>Semi-regular pre-built binaries of the analyzer are available on Mac OS X +(10.5).</p> + +<p>The latest build is: + <!--#include virtual="latest_checker.html.incl"--> +</p> + +Packaged builds for other platforms may eventually be provided, but as the tool +is in its early stages we are not actively promoting releases yet. If you wish +to help contribute regular builds of the analyzer on other platforms, please +email the <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev">Clang +Developers' mailing list</a>.</p> + +<p>Packaged builds of the analyzer expand to the following files:</p> + +<table id="package"> +<thead><tr><td>File</td><td>Purpose</td></tr></thead> +<tr><td><tt><b>scan-build</b></tt></td><td>Script for running the analyzer over a project build. <b>This is the only file you care about.</b></td></tr> +<tr><td><tt>ccc-analyzer</tt></td><td>GCC interceptor (called by scan-build)</td></tr> +<tr><td><tt>clang</tt></td><td>Static Analyzer (called by ccc-analyzer)</td><tr> +<tr><td><tt>sorttable.js</tt></td><td>JavaScript used for displaying error reports</td></tr> +</table> + +<h3 id="OtherPlatforms">Other Platforms (Building the Analyzer from Source)</h3> + +<p>Packaged builds simply consist of a few files from the Clang source tree, +meaning that <b>anyone</b> who can build Clang can use the static analyzer. +Please see the <a href="get_started.html">Getting Started</a> page for more +details on downloading and compiling Clang.</p> + +<p>All files used by the analyzer (and included in packaged builds; <a +href="#package">see above</a>) other than a compiled <tt>clang</tt> executable +are found in the <tt>utils</tt> subdirectory in the Clang tree.</p> + +<h2 id="BasicUsage">Basic Usage</h2> + +<p>The analyzer is executed from the command-line. To run the analyzer, you will +use <tt>scan-build</tt> to analyze the source files compiled by <tt>gcc</tt> +during a project build.</p> + +<p>For example, to analyze the files compiled under a build:</p> + +<pre> + $ <b>scan-build</b> make + $ <b>scan-build</b> xcodebuild +</pre> + +<p> In the first case <tt>scan-build</tt> analyzes the code of a project built +with <tt>make</tt>, and in the second case <tt>scan-build</tt> analyzes a project +built using <tt>xcodebuild</tt>. In general, the format is: </p> + +<pre> + $ <b>scan-build</b> <i>[scan-build options]</i> <b><command></b> <i>[command options]</i> +</pre> + +<p> Operationally, <tt>scan-build</tt> literally runs <command> with all of the +subsequent options passed to it. For example:</p> + +<pre> + $ scan-build make <b>-j4</b> +</pre> + +<p>In this example, <tt>scan-build</tt> makes no effort to interpret the options +after the build command (in this case, <tt>make</tt>); it just passes them +through. In general, <tt>scan-build</tt> should support parallel builds, but +<b>not distributed builds</b>. Similarly, you can use <tt>scan-build</tt> to +analyze specific files: + +<pre> + $ scan-build gcc -c <b>t1.c t2.c</b> +</pre> + +<p> +This example causes the files <tt>t1.c</tt> and <tt>t2.c</tt> to be analyzed. +</p> + +<h3>Other Options</h3> + +<p> +As mentioned above, extra options can be passed to <tt>scan-build</tt>. These +options prefix the build command. For example:</p> + +<pre> + $ scan-build <b>-k -V</b> make + $ scan-build <b>-k -V</b> xcodebuild +</pre> + +<p>Here is a subset of useful options:</p> + +<table> + <thead><tr><td>Option</td><td>Description</td></tr></thead> + + <tr><td><b>-o</b></td><td>Target directory for HTML report files. Subdirectories will be + created as needed to represent separate "runs" of the analyzer. If this option +is not specified, a directory is created in <tt>/tmp</tt> to store the +reports.</td><tr> + + <tr><td><b>-h</b><br><i><nobr>(or no arguments)</nobr></i></td><td>Display all <tt>scan-build</tt> options.</td></tr> + + <tr><td><b>-k</b><br><nobr><b>--keep-going</b></nobr></td><td>Add a "keep on going" option to the + specified build command. <p>This option currently supports <tt>make</tt> and + <tt>xcodebuild</tt>.</p> <p>This is a convenience option; one can specify this + behavior directly using build options.</p></td></tr> + + <tr><td><b>-v<b></td><td>Verbose output from scan-build and the analyzer. <b>A second and third + "-v" increases verbosity</b>, and is useful for filing bug reports against the analyzer.</td></tr> + + <tr><td><b>-V</b></td><td>View analysis results in a web browser when the build command completes.</td></tr> +</table> + +<h2 id="Output">Output of the Analyzer</h2> + +<p> +The output of the analyzer is a set of HTML files, each one which represents a +separate bug report. A single <tt>index.html</tt> file is generated for +surveying all of the bugs. You can then just open <tt>index.html</tt> in a web +browser to view the bug reports. +</p> + +<p> +Where the HTML files are generated is specified with a <b>-o</b> option to +<tt>scan-build</tt>. If <b>-o</b> isn't specified, a directory in <tt>/tmp</tt> +is created to store the files (<tt>scan-build</tt> will print a message telling +you where they are). If you want to view the reports immediately after the build +completes, pass <b>-V</b> to <tt>scan-build</tt>. +</p> + + +<h2 id="RecommendedUsageGuidelines">Recommended Usage Guidelines</h2> + +Here are a few recommendations with running the analyzer: + +<h3>Always Analyze a Project in its "Debug" Configuration</h3> + +<p>Most projects can be built in a "debug" mode that enables assertions. +Assertions are picked up by the static analyzer to prune infeasible paths, which +in some cases can greatly reduce the number of false positives (bogus error +reports) emitted by the tool.</p> + +<h3>Pass -k to scan-build</h3> + +<p>While <tt>ccc-analyzer</tt> invokes <tt>gcc</tt> to compile code, any +problems in correctly forwarding arguments to <tt>gcc</tt> may result in a build +failure. Passing <b>-k</b> to <tt>scan-build</tt> potentially allows you to +analyze other code in a project for which this problem doesn't occur.</p> + +<p> Also, it is useful to analyze a project even if not all of the source files +are compilable. This is great when using <tt>scan-build</tt> as part of your +compile-debug cycle.</p> + +<h3>Use Verbose Output when Debugging scan-build</h3> + +<p><tt>scan-build</tt> takes a <b>-v</b> option to emit verbose output about +what it's doing; two <b>-v</b> options emit more information. Redirecting the +output of <tt>scan-build</tt> to a text file (make sure to redirect standard +error) is useful for filing bug reports against <tt>scan-build</tt> or the +analyzer, as we can see the exact options (and files) passed to the analyzer. +For more comprehensible logs, don't perform a parallel build.</p> + +<h2 id="Debugging">Debugging the Analyzer</h2> + +<p>This section provides information on debugging the analyzer, and troubleshooting +it when you have problems analyzing a particular project.</p> + +<h3>How it Works</h3> + +<p>To analyze a project, <tt>scan-build</tt> simply sets the environment variable +<tt>CC</tt> to the full path to <tt>ccc-analyzer</tt>. It also sets a few other +environment variables to communicate to <tt>ccc-analyzer</tt> where to dump HTML +report files.</p> + +<p>Some Makefiles (or equivalent project files) hardcode the compiler; for such +projects simply overriding <tt>CC</tt> won't cause <tt>ccc-analyzer</tt> to be +called. This will cause the compiled code <b>to not be analyzed.</b></p> If you +find that your code isn't being analyzed, check to see if <tt>CC</tt> is +hardcoded. If this is the case, you can hardcode it instead to the <b>full +path</b> to <tt>ccc-analyzer</tt>.</p> + +<p>When applicable, you can also run <tt>./configure</tt> for a project through +<tt>scan-build</tt> so that configure sets up the location of <tt>CC</tt> based +on the environment passed in from <tt>scan-build</tt>: + +<pre> + $ scan-build <b>./configure</b> +</pre> + +<p><tt>scan-build</tt> has special knowledge about <tt>configure</tt>, so it in +most cases will not actually analyze the configure tests run by +<tt>configure</tt>.</p> + +<p>Under the hood, <tt>ccc-analyzer</tt> directly invokes <tt>gcc</tt> to +compile the actual code in addition to running the analyzer (which occurs by it +calling <tt>clang</tt>). <tt>ccc-analyzer</tt> tries to correctly forward all +the arguments over to <tt>gcc</tt>, but this may not work perfectly (please +report bugs of this kind). + +<h2 id="filingbugs">Filing Bugs and Feature Requests</h2> + +<p>We encourage users to file bug reports for any problems that they encounter. +We also welcome feature requests. When filing a bug report, please do the +following:</p> + +<ul> + +<li>Include the checker build (for prebuilt Mac OS X binaries) or the SVN +revision number.</li> + +<li>Provide a self-encapsulated, reduced test case that exhibits the issue + you are experiencing.</li> + +<li>Test cases don't tell us everything. Please briefly describe the problem you are seeing.</li> + +</ul> + +<h3>Outside Apple</h3> + +<p>Please <a href="http://llvm.org/bugs/enter_bug.cgi?product=clang">file +bugs</a> in LLVM's Bugzilla database against the Clang <b>Static Analyzer</b> +component.</p> + +<h3>Apple-internal Users</h3> + +<p>Please file bugs in Radar against the <b>llvm - checker</b> component.</p> + +</div> +</body> +</html> + |