summaryrefslogtreecommitdiffstats
path: root/www/StaticAnalysisUsage.html
diff options
context:
space:
mode:
Diffstat (limited to 'www/StaticAnalysisUsage.html')
-rw-r--r--www/StaticAnalysisUsage.html274
1 files changed, 274 insertions, 0 deletions
diff --git a/www/StaticAnalysisUsage.html b/www/StaticAnalysisUsage.html
new file mode 100644
index 0000000..daab89f
--- /dev/null
+++ b/www/StaticAnalysisUsage.html
@@ -0,0 +1,274 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
+ "http://www.w3.org/TR/html4/strict.dtd">
+<html>
+<head>
+ <title>Information on using the Static Analyzer ("Clang Checker")</title>
+ <link type="text/css" rel="stylesheet" href="menu.css" />
+ <link type="text/css" rel="stylesheet" href="content.css" />
+ <style>
+ thead {
+ background-color:#eee; color:#666666;
+ font-weight: bold; cursor: default;
+ text-align:center;
+ border-top: 2px solid #000000;
+ border-bottom: 2px solid #000000;
+ font-weight: bold; font-family: Verdana
+ }
+ table { border: 1px #000000 solid }
+ table { border-collapse: collapse; border-spacing: 0px }
+ table { margin-left:20px; margin-top:20px; margin-bottom:20px }
+ td { border-bottom: 1px #000000 dotted }
+ td { padding:5px; padding-left:8px; padding-right:8px }
+ td { text-align:left; font-size:9pt }
+ td.View { padding-left: 10px }
+ </style>
+</head>
+<body>
+
+<!--#include virtual="menu.html.incl"-->
+
+<div id="content">
+
+<h1>Information on using the Static Analyzer</h1>
+
+<h2 id="Obtaining">Obtaining the Analyzer</h2>
+
+<p> Using the analyzer involves executing <tt>scan-build</tt> (see <a
+href="#BasicUsage">Basic Usage</a>). <tt>scan-build</tt> will first look for a
+<tt>clang</tt> executable in the same directory as <tt>scan-build</tt>, and then
+search your path.</p>
+
+<p>If one is using the analyzer directly from the Clang sources, it suffices to
+just directly execute <tt>scan-build</tt> in the <tt>utils</tt> directory. No
+other special installation is needed.</p>
+
+<h3>Packaged Builds (Mac OS X)</h3>
+
+<p>Semi-regular pre-built binaries of the analyzer are available on Mac OS X
+(10.5).</p>
+
+<p>The latest build is:
+ <!--#include virtual="latest_checker.html.incl"-->
+</p>
+
+Packaged builds for other platforms may eventually be provided, but as the tool
+is in its early stages we are not actively promoting releases yet. If you wish
+to help contribute regular builds of the analyzer on other platforms, please
+email the <a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev">Clang
+Developers' mailing list</a>.</p>
+
+<p>Packaged builds of the analyzer expand to the following files:</p>
+
+<table id="package">
+<thead><tr><td>File</td><td>Purpose</td></tr></thead>
+<tr><td><tt><b>scan-build</b></tt></td><td>Script for running the analyzer over a project build. <b>This is the only file you care about.</b></td></tr>
+<tr><td><tt>ccc-analyzer</tt></td><td>GCC interceptor (called by scan-build)</td></tr>
+<tr><td><tt>clang</tt></td><td>Static Analyzer (called by ccc-analyzer)</td><tr>
+<tr><td><tt>sorttable.js</tt></td><td>JavaScript used for displaying error reports</td></tr>
+</table>
+
+<h3 id="OtherPlatforms">Other Platforms (Building the Analyzer from Source)</h3>
+
+<p>Packaged builds simply consist of a few files from the Clang source tree,
+meaning that <b>anyone</b> who can build Clang can use the static analyzer.
+Please see the <a href="get_started.html">Getting Started</a> page for more
+details on downloading and compiling Clang.</p>
+
+<p>All files used by the analyzer (and included in packaged builds; <a
+href="#package">see above</a>) other than a compiled <tt>clang</tt> executable
+are found in the <tt>utils</tt> subdirectory in the Clang tree.</p>
+
+<h2 id="BasicUsage">Basic Usage</h2>
+
+<p>The analyzer is executed from the command-line. To run the analyzer, you will
+use <tt>scan-build</tt> to analyze the source files compiled by <tt>gcc</tt>
+during a project build.</p>
+
+<p>For example, to analyze the files compiled under a build:</p>
+
+<pre>
+ $ <b>scan-build</b> make
+ $ <b>scan-build</b> xcodebuild
+</pre>
+
+<p> In the first case <tt>scan-build</tt> analyzes the code of a project built
+with <tt>make</tt>, and in the second case <tt>scan-build</tt> analyzes a project
+built using <tt>xcodebuild</tt>. In general, the format is: </p>
+
+<pre>
+ $ <b>scan-build</b> <i>[scan-build options]</i> <b>&lt;command&gt;</b> <i>[command options]</i>
+</pre>
+
+<p> Operationally, <tt>scan-build</tt> literally runs <command> with all of the
+subsequent options passed to it. For example:</p>
+
+<pre>
+ $ scan-build make <b>-j4</b>
+</pre>
+
+<p>In this example, <tt>scan-build</tt> makes no effort to interpret the options
+after the build command (in this case, <tt>make</tt>); it just passes them
+through. In general, <tt>scan-build</tt> should support parallel builds, but
+<b>not distributed builds</b>. Similarly, you can use <tt>scan-build</tt> to
+analyze specific files:
+
+<pre>
+ $ scan-build gcc -c <b>t1.c t2.c</b>
+</pre>
+
+<p>
+This example causes the files <tt>t1.c</tt> and <tt>t2.c</tt> to be analyzed.
+</p>
+
+<h3>Other Options</h3>
+
+<p>
+As mentioned above, extra options can be passed to <tt>scan-build</tt>. These
+options prefix the build command. For example:</p>
+
+<pre>
+ $ scan-build <b>-k -V</b> make
+ $ scan-build <b>-k -V</b> xcodebuild
+</pre>
+
+<p>Here is a subset of useful options:</p>
+
+<table>
+ <thead><tr><td>Option</td><td>Description</td></tr></thead>
+
+ <tr><td><b>-o</b></td><td>Target directory for HTML report files. Subdirectories will be
+ created as needed to represent separate "runs" of the analyzer. If this option
+is not specified, a directory is created in <tt>/tmp</tt> to store the
+reports.</td><tr>
+
+ <tr><td><b>-h</b><br><i><nobr>(or no arguments)</nobr></i></td><td>Display all <tt>scan-build</tt> options.</td></tr>
+
+ <tr><td><b>-k</b><br><nobr><b>--keep-going</b></nobr></td><td>Add a "keep on going" option to the
+ specified build command. <p>This option currently supports <tt>make</tt> and
+ <tt>xcodebuild</tt>.</p> <p>This is a convenience option; one can specify this
+ behavior directly using build options.</p></td></tr>
+
+ <tr><td><b>-v<b></td><td>Verbose output from scan-build and the analyzer. <b>A second and third
+ "-v" increases verbosity</b>, and is useful for filing bug reports against the analyzer.</td></tr>
+
+ <tr><td><b>-V</b></td><td>View analysis results in a web browser when the build command completes.</td></tr>
+</table>
+
+<h2 id="Output">Output of the Analyzer</h2>
+
+<p>
+The output of the analyzer is a set of HTML files, each one which represents a
+separate bug report. A single <tt>index.html</tt> file is generated for
+surveying all of the bugs. You can then just open <tt>index.html</tt> in a web
+browser to view the bug reports.
+</p>
+
+<p>
+Where the HTML files are generated is specified with a <b>-o</b> option to
+<tt>scan-build</tt>. If <b>-o</b> isn't specified, a directory in <tt>/tmp</tt>
+is created to store the files (<tt>scan-build</tt> will print a message telling
+you where they are). If you want to view the reports immediately after the build
+completes, pass <b>-V</b> to <tt>scan-build</tt>.
+</p>
+
+
+<h2 id="RecommendedUsageGuidelines">Recommended Usage Guidelines</h2>
+
+Here are a few recommendations with running the analyzer:
+
+<h3>Always Analyze a Project in its "Debug" Configuration</h3>
+
+<p>Most projects can be built in a "debug" mode that enables assertions.
+Assertions are picked up by the static analyzer to prune infeasible paths, which
+in some cases can greatly reduce the number of false positives (bogus error
+reports) emitted by the tool.</p>
+
+<h3>Pass -k to scan-build</h3>
+
+<p>While <tt>ccc-analyzer</tt> invokes <tt>gcc</tt> to compile code, any
+problems in correctly forwarding arguments to <tt>gcc</tt> may result in a build
+failure. Passing <b>-k</b> to <tt>scan-build</tt> potentially allows you to
+analyze other code in a project for which this problem doesn't occur.</p>
+
+<p> Also, it is useful to analyze a project even if not all of the source files
+are compilable. This is great when using <tt>scan-build</tt> as part of your
+compile-debug cycle.</p>
+
+<h3>Use Verbose Output when Debugging scan-build</h3>
+
+<p><tt>scan-build</tt> takes a <b>-v</b> option to emit verbose output about
+what it's doing; two <b>-v</b> options emit more information. Redirecting the
+output of <tt>scan-build</tt> to a text file (make sure to redirect standard
+error) is useful for filing bug reports against <tt>scan-build</tt> or the
+analyzer, as we can see the exact options (and files) passed to the analyzer.
+For more comprehensible logs, don't perform a parallel build.</p>
+
+<h2 id="Debugging">Debugging the Analyzer</h2>
+
+<p>This section provides information on debugging the analyzer, and troubleshooting
+it when you have problems analyzing a particular project.</p>
+
+<h3>How it Works</h3>
+
+<p>To analyze a project, <tt>scan-build</tt> simply sets the environment variable
+<tt>CC</tt> to the full path to <tt>ccc-analyzer</tt>. It also sets a few other
+environment variables to communicate to <tt>ccc-analyzer</tt> where to dump HTML
+report files.</p>
+
+<p>Some Makefiles (or equivalent project files) hardcode the compiler; for such
+projects simply overriding <tt>CC</tt> won't cause <tt>ccc-analyzer</tt> to be
+called. This will cause the compiled code <b>to not be analyzed.</b></p> If you
+find that your code isn't being analyzed, check to see if <tt>CC</tt> is
+hardcoded. If this is the case, you can hardcode it instead to the <b>full
+path</b> to <tt>ccc-analyzer</tt>.</p>
+
+<p>When applicable, you can also run <tt>./configure</tt> for a project through
+<tt>scan-build</tt> so that configure sets up the location of <tt>CC</tt> based
+on the environment passed in from <tt>scan-build</tt>:
+
+<pre>
+ $ scan-build <b>./configure</b>
+</pre>
+
+<p><tt>scan-build</tt> has special knowledge about <tt>configure</tt>, so it in
+most cases will not actually analyze the configure tests run by
+<tt>configure</tt>.</p>
+
+<p>Under the hood, <tt>ccc-analyzer</tt> directly invokes <tt>gcc</tt> to
+compile the actual code in addition to running the analyzer (which occurs by it
+calling <tt>clang</tt>). <tt>ccc-analyzer</tt> tries to correctly forward all
+the arguments over to <tt>gcc</tt>, but this may not work perfectly (please
+report bugs of this kind).
+
+<h2 id="filingbugs">Filing Bugs and Feature Requests</h2>
+
+<p>We encourage users to file bug reports for any problems that they encounter.
+We also welcome feature requests. When filing a bug report, please do the
+following:</p>
+
+<ul>
+
+<li>Include the checker build (for prebuilt Mac OS X binaries) or the SVN
+revision number.</li>
+
+<li>Provide a self-encapsulated, reduced test case that exhibits the issue
+ you are experiencing.</li>
+
+<li>Test cases don't tell us everything. Please briefly describe the problem you are seeing.</li>
+
+</ul>
+
+<h3>Outside Apple</h3>
+
+<p>Please <a href="http://llvm.org/bugs/enter_bug.cgi?product=clang">file
+bugs</a> in LLVM's Bugzilla database against the Clang <b>Static Analyzer</b>
+component.</p>
+
+<h3>Apple-internal Users</h3>
+
+<p>Please file bugs in Radar against the <b>llvm - checker</b> component.</p>
+
+</div>
+</body>
+</html>
+
OpenPOWER on IntegriCloud