<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Michael,<br><br>You will see the complete command executed behind the scenes if you run scan-build with the verbose option enabled (-v -v): <div>
<div class="gmail_extra"><br>scan-build -v -v -enable-checker my_checker_name clang -c my_file.c<br>
<div class="gmail_quote"><br></div><div class="gmail_quote">You may save the output to a file, get rid of the debug messages, save the first lines, add #!/bin/bash at the beginning, and give it exec permissions (chmod 755 your_script_name) to run it as a shell script. That's what I did.<br>
<br></div><div class="gmail_quote">However, the previous command seems to not effectively enable the checker supplied at the command line. As I mentioned in my previous message, the option "-enable-checker my_checker_name" to scan-build is internally passed as '-analyzer-checker' 'my_checker_name'. If you inspect the full command printed out by scan-build (when using -v -v), the default checkers are enabled with the syntax '-analyzer-checker=core', and so on.<br>
<br></div><div class="gmail_quote">I tried passing '-analyzer-checker=my_checker_name' in the shell script, but apparently nothing happens.<br><br>So I don't know how to enable my custom checker, which, according to the manual, is disabled by default.<br>
<br></div><div class="gmail_quote">Could anybody shed some light on this?<br></div><div class="gmail_quote">Many thanks.<span class="HOEnZb"><font color="#888888"><br></font></span></div><span class="HOEnZb"><font color="#888888"><div class="gmail_quote">
Aitor.<br></div></font></span><div><div class="h5"><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Date: Wed, 26 Feb 2014 13:04:24 -0800<br>
From: Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
To: "<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>" <<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>><br>
Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the<br>
static analysis tools.<br>
Message-ID:<br>
<<a href="mailto:CAAn2fBDsqM_x2wxbb7O%2B4OKA_9q4%2BuOKAOX5CTaL8na7B9yhEw@mail.gmail.com" target="_blank">CAAn2fBDsqM_x2wxbb7O+4OKA_9q4+uOKAOX5CTaL8na7B9yhEw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
I've gone down a similar road within the last couple of days. I'm not sure<br>
I'll be able to solve your problem -- I'm just familiarizing myself with<br>
the tools and code myself -- but I did get what you're talking about to<br>
work for the simple checker that I made. Would you mind posting the<br>
entirety of the shell script you made?<br>
<br>
<br>
On Wed, Feb 26, 2014 at 11:05 AM, Aitor San Juan <<a href="mailto:aitor.sj@opendeusto.es" target="_blank">aitor.sj@opendeusto.es</a>>wrote:<br>
<br>
> Hello,<br>
><br>
> I have developed a simple checker, just to become familiar with Clang's<br>
> Checker API. I have sucessfully compiled it and installed in package<br>
> alpha.security. For the sake of understanding and tracing the execution<br>
> flow of the checker, I have added some "debug" lines like the following<br>
> (I'm aware this is discouraged):<br>
><br>
> llvm::outs() << "BEGIN: checkPreStmt" << "\n";<br>
><br>
> I run scan-build or clang --analyze, as suggested in previous answers, but<br>
> I don't see the messages printed out. The commands I'm running are:<br>
><br>
> (1) clang --analyze my_file.c<br>
><br>
> (2) scan-build clang -c my_file.c<br>
><br>
> Reading the manual, I understand that the reason is that "my" checker is<br>
> not enabled by default, only a few.<br>
><br>
> So I tried the following command to enable it:<br>
><br>
> (3) scan-build -enable-checker alpha.security.DCL41C clang -c my_file.c<br>
><br>
> but again my "debugging" messages don't appear in the standard output. So<br>
> enabling verbose info with "-v -v" in command (3), I can see the complete<br>
> command line run behind the scenes, and scan-build is passing:<br>
><br>
> '-analyzer-checker' 'alpha.security.DCL41C'<br>
><br>
> but I've remarked that the checkers enabled by default are being enabled<br>
> like this:<br>
><br>
> '-analyzer-checker=core' '-analyzer-checker=unix'<br>
> '-analyzer-checker=deadcode'<br>
> '-analyzer-checker=security.insecureAPI.UncheckedReturn'<br>
><br>
> So I saved the complete command lie to a shell script, and changed the<br>
> options '-analyzer-checker' 'alpha.security.DCL41C' to<br>
> '-analyzer-checker=alpha.security.DCL41C'<br>
><br>
> The same problem: I don't see the messages of llvm:outs, so I don't<br>
> whether my checker is being called, or the output of llvm::outs is going to<br>
> some other place I don't know.<br>
><br>
> My Clang version is a build that dates back to late Dec. 2013. I hope it's<br>
> not a bug :-(<br>
><br>
> clang version 3.5 (trunk 197976) (llvm/trunk 197973)<br>
> Target: x86_64-unknown-linux-gnu<br>
> Thread model: posix<br>
><br>
> Any help would he highly appreciated<br>
><br>
> Date: Tue, 25 Feb 2014 11:37:17 -0800<br>
><br>
>> From: Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
>> To: Ted Kremenek <<a href="mailto:kremenek@apple.com" target="_blank">kremenek@apple.com</a>><br>
>> Cc: <a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
>> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the<br>
>> static analysis tools.<br>
>> Message-ID:<br>
>> <<br>
>> <a href="mailto:CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ@mail.gmail.com" target="_blank">CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ@mail.gmail.com</a>><br>
>> Content-Type: text/plain; charset="iso-8859-1"<br>
>><br>
>><br>
>> Hi Ted,<br>
>><br>
>> Thanks for the help! I actually have a follow-up question, though. This<br>
>> question came up because I was toying around with developing my own simple<br>
>> checker and wanted to test it out. My first inclination was to do this in<br>
>> isolation from the other checkers which is why I attempted the invocation<br>
>> from my original post, but perhaps you're saying that even for a dev<br>
>> situation like this just run the whole platter of checkers? Or, did you<br>
>> just mean for a general usage scenario where someone isn't adding new<br>
>> checkers etc.?<br>
>><br>
>> I just ended up using --analyze because the scan-build command I could<br>
>> figure out was somewhat more verbose, needing --use-analyzer=... etc.;<br>
>> but,<br>
>> I was mostly fumbling around trying to get it to work, so I'm sure I'm<br>
>> missing a bunch of different things.<br>
>><br>
>> Thanks again.<br>
>><br>
>> -Mike<br>
>><br>
>><br>
>> On Tue, Feb 25, 2014 at 11:00 AM, Ted Kremenek <<a href="mailto:kremenek@apple.com" target="_blank">kremenek@apple.com</a>><br>
>> wrote:<br>
>><br>
>> > Hi Michael,<br>
>> ><br>
>> > It's not recommended to run the low-level driver like this. You can<br>
>> just<br>
>> > use scan-build, for example:<br>
>> ><br>
>> > $ scan-build clang -c /tmp/main.c<br>
>> ><br>
>> > or more generally<br>
>> ><br>
>> > $ scan-build <compiler line><br>
>> ><br>
>> > You can also use:<br>
>> ><br>
>> > $ clang --analyze /tmp/main.c<br>
>><br>
>> ><br>
>> > directly. That's somewhat discouraged because the long-term idea is<br>
>> that<br>
>> > the static analyzer supports global analysis. The intention is that you<br>
>> > can declare a set of files to analyze and they get analyzed together,<br>
>> > whereas the latter line is clearly just analyzing a particular file<br>
>> using<br>
>> > clang.<br>
>> ><br>
>> > Cheers,<br>
>> > Ted<br>
>> ><br>
>> > On Feb 21, 2014, at 2:22 PM, Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
>> wrote:<br>
>> ><br>
>> > > I was wondering if someone might be able to help me with cleanly<br>
>> > invoking a single analyzer from the static analysis tools.<br>
>> > ><br>
>> > > I am not sure what I need to do (or, should be doing instead) in a<br>
>> > situation like the one below where I've got a header like stdio.h<br>
>> included<br>
>> > (--analyze figures it out, but then it appears that I lose the ability<br>
>> to<br>
>> > apply a single checker) :<br>
>> > ><br>
>> > > % ./Debug+Asserts/bin/clang -cc1 -analyze<br>
>> > -analyzer-checker=core.DivideZero ./tmp/main.c<br>
>> > ><br>
>> > > ./tmp/main.c:1:10: fatal error: 'stdio.h' file not found<br>
>> > > #include <stdio.h><br>
>> > > ^<br>
>> > > 1 error generated.<br>
>> > ><br>
>> > > % cat ./tmp /main.c<br>
>> > ><br>
>> > > #include <stdio.h><br>
>> > ><br>
>> > > int main( int argc, char** argv){<br>
>> > > int x = 1;<br>
>> > > int y = 0;<br>
>> > ><br>
>> > > printf("%d\n", x / y);<br>
>> > ><br>
>> > > return 0;<br>
>> > > }<br>
>> > ><br>
>> > > Thanks!<br></blockquote></div></div></div></div></div></div>
</blockquote></div><br></div></div>