[cfe-dev] analyzer: invoking a single analyzer from the static analysis tools.

Aitor San Juan aitor.sj at opendeusto.es
Wed Feb 26 11:05:16 PST 2014 

Hello,

I have developed a simple checker, just to become familiar with Clang's
Checker API. I have sucessfully compiled it and installed in package
alpha.security. For the sake of understanding and tracing the execution
flow of the checker, I have added some "debug" lines like the following
(I'm aware this is discouraged):

llvm::outs() << "BEGIN: checkPreStmt" << "\n";

I run scan-build or clang --analyze, as suggested in previous answers, but
I don't see the messages printed out. The commands I'm running are:

(1) clang --analyze my_file.c

(2) scan-build clang -c my_file.c

Reading the manual, I understand that the reason is that "my" checker is
not enabled by default, only a few.

So I tried the following command to enable it:

(3) scan-build -enable-checker alpha.security.DCL41C clang -c my_file.c

but again my "debugging" messages don't appear in the standard output. So
enabling verbose info with "-v -v" in command (3), I can see the complete
command line run behind the scenes, and scan-build is passing:

'-analyzer-checker' 'alpha.security.DCL41C'

but I've remarked that the checkers enabled by default are being enabled
like this:

 '-analyzer-checker=core' '-analyzer-checker=unix'
'-analyzer-checker=deadcode'
'-analyzer-checker=security.insecureAPI.UncheckedReturn'

So I saved the complete command lie to a shell script, and changed the
options '-analyzer-checker' 'alpha.security.DCL41C' to
'-analyzer-checker=alpha.security.DCL41C'

The same problem: I don't see the messages of llvm:outs, so I don't whether
my checker is being called, or the output of llvm::outs is going to some
other place I don't know.

My Clang version is a build that dates back to late Dec. 2013. I hope it's
not a bug :-(

clang version 3.5 (trunk 197976) (llvm/trunk 197973)
Target: x86_64-unknown-linux-gnu
Thread model: posix

Any help would he highly appreciated

Date: Tue, 25 Feb 2014 11:37:17 -0800

> From: Michael Katelman <katelman at gmail.com>
> To: Ted Kremenek <kremenek at apple.com>
> Cc: cfe-dev at cs.uiuc.edu
> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the
>         static analysis tools.
> Message-ID:
>         <
> CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi Ted,
>
> Thanks for the help! I actually have a follow-up question, though. This
> question came up because I was toying around with developing my own simple
> checker and wanted to test it out. My first inclination was to do this in
> isolation from the other checkers which is why I attempted the invocation
> from my original post, but perhaps you're saying that even for a dev
> situation like this just run the whole platter of checkers? Or, did you
> just mean for a general usage scenario where someone isn't adding new
> checkers etc.?
>
> I just ended up using --analyze because the scan-build command I could
> figure out was somewhat more verbose, needing --use-analyzer=... etc.; but,
> I was mostly fumbling around trying to get it to work, so I'm sure I'm
> missing a bunch of different things.
>
> Thanks again.
>
> -Mike
>
>
> On Tue, Feb 25, 2014 at 11:00 AM, Ted Kremenek <kremenek at apple.com> wrote:
>
> > Hi Michael,
> >
> > It's not recommended to run the low-level driver like this.  You can just
> > use scan-build, for example:
> >
> >   $ scan-build clang -c /tmp/main.c
> >
> > or more generally
> >
> >   $ scan-build <compiler line>
> >
> > You can also use:
> >
> >   $ clang --analyze /tmp/main.c
> >
> > directly.  That's somewhat discouraged because the long-term idea is that
> > the static analyzer supports global analysis.  The intention is that you
> > can declare a set of files to analyze and they get analyzed together,
> > whereas the latter line is clearly just analyzing a particular file using
> > clang.
> >
> > Cheers,
> > Ted
> >
> > On Feb 21, 2014, at 2:22 PM, Michael Katelman <katelman at gmail.com>
> wrote:
> >
> > > I was wondering if someone might be able to help me with cleanly
> > invoking a single analyzer from the static analysis tools.
> > >
> > > I am not sure what I need to do (or, should be doing instead) in a
> > situation like the one below where I've got a header like stdio.h
> included
> > (--analyze figures it out, but then it appears that I lose the ability to
> > apply a single checker) :
> > >
> > > %  ./Debug+Asserts/bin/clang -cc1 -analyze
> > -analyzer-checker=core.DivideZero ./tmp/main.c
> > >
> > > ./tmp/main.c:1:10: fatal error: 'stdio.h' file not found
> > > #include <stdio.h>
> > >          ^
> > > 1 error generated.
> > >
> > >  % cat ./tmp /main.c
> > >
> > > #include <stdio.h>
> > >
> > > int main( int argc, char** argv){
> > >   int x = 1;
> > >   int y = 0;
> > >
> > >   printf("%d\n", x / y);
> > >
> > >   return  0;
> > > }
> > >
> > > Thanks!
> > >
> > > -Mike
> > > _______________________________________________
> > > cfe-dev mailing list
> > > cfe-dev at cs.uiuc.edu
> > > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
> >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140226/af89a63c/attachment.html>

More information about the cfe-dev mailing list