[cfe-dev] Using clang for Static Analysis

Joel Sherrill joel.sherrill at OARcorp.com
Sat Sep 18 07:23:55 PDT 2010


On 09/17/2010 01:10 PM, Tom Care wrote:
> Hi Joel,
>
> I'll address your second question first, since it's easier to answer :)
>
> The easiest way to start analyzing with clang is to use the scan-build script to automatically shim clang into your existing build system. All of your normal make system will work as usual (and use the same compiler), but when scan-build sees a file that clang can analyze, it will call clang to analyze that file. scan-build then produces a series of HTML files with descriptions of the bugs. You can find out more about scan-build at this page: http://clang-analyzer.llvm.org/scan-build
>
I am on Fedora 13 and apparently this isn't part of the RPM. :(
Where does this come from? Do I need to do my own install
from source?

But operationally it sounds like it works a lot like Coverity scan.

> As for the checks that clang currently performs, this is a little harder to answer. We haven't updated a list of them in quite a while, and development is moving relatively rapidly. The hacky way to answer this is by giving a list of the files in the lib/checker directory to give you an idea of what is currently written. I've attached a text file with some of the irrelevant stuff removed.
>
> An important thing to note is that there are several checks labelled as experimental. These may have high false positive rates or may miss bugs. scan-build will let you turn these on or off depending on how adventurous you are feeling!
>
Oh, don't worry about that, we will report issues and beg for help.
That's what the free software process is all about.

> I hope that's enough to get you started. If there are any checks you would like to see, let us know. Please report any problems with the analyzer, and if you manage to find any serious/interesting bugs with the analyzer, we'd love to hear about them!
>
I think it is close.  Just need to get scan-build installed and dig in.

Thanks.

--joel
> Tom
>



