<div dir="ltr">Ok, no worries. I've pasted the content of the "custom" shell script.<br><br>The option marked (*) is what I added to enable my checker, but it seems to have no effect. I'm racking my brains to work it out. No successful result for the time being, though.<br>
<br>Here you are. I hope it helps.<br><br><span style="font-family:courier new,monospace">#!/bin/bash<br>/usr/local/src/build/Release+Asserts/bin/clang '-cc1' \<br> '-triple' 'x86_64-unknown-linux-gnu' \<br>
'-analyze' \<br> '-disable-free' \<br> '-main-file-name' 'dcl41c_03_bad.c' \<br> '-analyzer-store=region' \<br> '-analyzer-opt-analyze-nested-blocks' \<br> '-analyzer-eagerly-assume' \<br>
'-analyzer-checker=core' \<br> '-analyzer-checker=unix' \<br> '-analyzer-checker=deadcode' \<br> '-analyzer-checker=security.insecureAPI.UncheckedReturn' \<br> '-analyzer-checker=security.insecureAPI.getpw' \<br>
'-analyzer-checker=security.insecureAPI.gets' \<br> '-analyzer-checker=security.insecureAPI.mktemp' \<br> '-analyzer-checker=security.insecureAPI.mkstemp' \<br> '-analyzer-checker=security.insecureAPI.vfork' \<br>
'-analyzer-output' 'plist' '-w' \<br> '-mrelocation-model' 'static' \<br> '-mdisable-fp-elim' '-fmath-errno' \<br> '-masm-verbose' \<br> '-mconstructor-aliases' '-munwind-tables' \<br>
'-target-cpu' 'x86-64' \<br> '-target-linker-version' '2.22' \<br> '-resource-dir' '/usr/local/src/build/Release+Asserts/bin/../lib/clang/3.5' \<br> '-internal-isystem' '/usr/local/include' \<br>
'-internal-isystem' '/usr/local/src/build/Release+Asserts/bin/../lib/clang/3.5/include' \<br> '-internal-externc-isystem' '/usr/include/x86_64-linux-gnu' \<br> '-internal-externc-isystem' '/include' \<br>
'-internal-externc-isystem' '/usr/include' \<br> '-fdebug-compilation-dir' '/home/user1/src' \<br> '-ferror-limit' '19' '-fmessage-length' '0' \<br>
'-mstackrealign' \<br> '-fobjc-runtime=gcc' '-fdiagnostics-show-option' \<br> '-vectorize-slp' \<br> '-analyzer-display-progress' \<br>(*) '-analyzer-checker=alpha.security.DCL41C' \<br>
'-analyzer-output=html' \<br> '-o' '/tmp/scan-build-2014-02-26-4' \<br> '-x' 'c' 'dcl41c_03_bad.c'</span><br><div><div class="gmail_extra"><br><br><div class="gmail_quote">
2014-02-27 19:12 GMT+01:00 Michael Katelman <span dir="ltr"><<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Aitor,<div><br></div><div>I think something got lost in my message. I understand the process that you're talking about, but when I did it I needed to manually modify the resulting bash script that was emitted; that's why I was asking about you posting the full clang command (so I could see if you had made similar changes to what I had). I did this through clang originally with -###, so perhaps some of the edits aren't necessary since you used scan-build, but one thing I'm wondering about is if the command that you're ultimately running invokes the system installed clang or your locally built one, as I needed to use -use-analyzer=... when invoking scan-build.</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div>On Thu, Feb 27, 2014 at 4:03 AM, Aitor San Juan <span dir="ltr"><<a href="mailto:aitor.sj@opendeusto.es" target="_blank">aitor.sj@opendeusto.es</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">Michael,<br><br>You will see the complete command executed behind the scenes if you run scan-build with the verbose option enabled (-v -v): <div>
<div class="gmail_extra"><br>scan-build -v -v -enable-checker my_checker_name clang -c my_file.c<br>
<div class="gmail_quote"><br></div><div class="gmail_quote">You may save the output to a file, get rid of the debug messages, save the first lines, add #!/bin/bash at the beginning, and give it exec permissions (chmod 755 your_script_name) to run it as a shell script. That's what I did.<br>
<br></div><div class="gmail_quote">However, the previous command seems to not effectively enable the checker supplied at the command line. As I mentioned in my previous message, the option "-enable-checker my_checker_name" to scan-build is internally passed as '-analyzer-checker' 'my_checker_name'. If you inspect the full command printed out by scan-build (when using -v -v), the default checkers are enabled with the syntax '-analyzer-checker=core', and so on.<br>
<br></div><div class="gmail_quote">I tried passing '-analyzer-checker=my_checker_name' in the shell script, but apparently nothing happens.<br><br>So I don't know how to enable my custom checker, which, according to the manual, is disabled by default.<br>
<br></div><div class="gmail_quote">Could anybody shed some light on this?<br></div><div class="gmail_quote">Many thanks.<span><font color="#888888"><br></font></span></div><span><font color="#888888"><div class="gmail_quote">
Aitor.<br></div></font></span><div><div><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Date: Wed, 26 Feb 2014 13:04:24 -0800<br>
From: Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
To: "<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>" <<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>><div><br>
Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the<br>
static analysis tools.<br>
Message-ID:<br></div>
<<a href="mailto:CAAn2fBDsqM_x2wxbb7O%2B4OKA_9q4%2BuOKAOX5CTaL8na7B9yhEw@mail.gmail.com" target="_blank">CAAn2fBDsqM_x2wxbb7O+4OKA_9q4+uOKAOX5CTaL8na7B9yhEw@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<div><div><br>
<br>
I've gone down a similar road within the last couple of days. I'm not sure<br>
I'll be able to solve your problem -- I'm just familiarizing myself with<br>
the tools and code myself -- but I did get what you're talking about to<br>
work for the simple checker that I made. Would you mind posting the<br>
entirety of the shell script you made?<br>
<br>
<br>
On Wed, Feb 26, 2014 at 11:05 AM, Aitor San Juan <<a href="mailto:aitor.sj@opendeusto.es" target="_blank">aitor.sj@opendeusto.es</a>>wrote:<br>
<br>
> Hello,<br>
><br>
> I have developed a simple checker, just to become familiar with Clang's<br>
> Checker API. I have sucessfully compiled it and installed in package<br>
> alpha.security. For the sake of understanding and tracing the execution<br>
> flow of the checker, I have added some "debug" lines like the following<br>
> (I'm aware this is discouraged):<br>
><br>
> llvm::outs() << "BEGIN: checkPreStmt" << "\n";<br>
><br>
> I run scan-build or clang --analyze, as suggested in previous answers, but<br>
> I don't see the messages printed out. The commands I'm running are:<br>
><br>
> (1) clang --analyze my_file.c<br>
><br>
> (2) scan-build clang -c my_file.c<br>
><br>
> Reading the manual, I understand that the reason is that "my" checker is<br>
> not enabled by default, only a few.<br>
><br>
> So I tried the following command to enable it:<br>
><br>
> (3) scan-build -enable-checker alpha.security.DCL41C clang -c my_file.c<br>
><br>
> but again my "debugging" messages don't appear in the standard output. So<br>
> enabling verbose info with "-v -v" in command (3), I can see the complete<br>
> command line run behind the scenes, and scan-build is passing:<br>
><br>
> '-analyzer-checker' 'alpha.security.DCL41C'<br>
><br>
> but I've remarked that the checkers enabled by default are being enabled<br>
> like this:<br>
><br>
> '-analyzer-checker=core' '-analyzer-checker=unix'<br>
> '-analyzer-checker=deadcode'<br>
> '-analyzer-checker=security.insecureAPI.UncheckedReturn'<br>
><br>
> So I saved the complete command lie to a shell script, and changed the<br>
> options '-analyzer-checker' 'alpha.security.DCL41C' to<br>
> '-analyzer-checker=alpha.security.DCL41C'<br>
><br>
> The same problem: I don't see the messages of llvm:outs, so I don't<br>
> whether my checker is being called, or the output of llvm::outs is going to<br>
> some other place I don't know.<br>
><br>
> My Clang version is a build that dates back to late Dec. 2013. I hope it's<br>
> not a bug :-(<br>
><br>
> clang version 3.5 (trunk 197976) (llvm/trunk 197973)<br>
> Target: x86_64-unknown-linux-gnu<br>
> Thread model: posix<br>
><br>
> Any help would he highly appreciated<br>
><br>
> Date: Tue, 25 Feb 2014 11:37:17 -0800<br>
><br>
>> From: Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
>> To: Ted Kremenek <<a href="mailto:kremenek@apple.com" target="_blank">kremenek@apple.com</a>><br>
>> Cc: <a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
>> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the<br>
>> static analysis tools.<br>
>> Message-ID:<br>
>> <<br>
>> <a href="mailto:CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ@mail.gmail.com" target="_blank">CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ@mail.gmail.com</a>><br>
>> Content-Type: text/plain; charset="iso-8859-1"<br>
>><br>
>><br></div></div><div>
>> Hi Ted,<br>
>><br>
>> Thanks for the help! I actually have a follow-up question, though. This<br>
>> question came up because I was toying around with developing my own simple<br>
>> checker and wanted to test it out. My first inclination was to do this in<br>
>> isolation from the other checkers which is why I attempted the invocation<br>
>> from my original post, but perhaps you're saying that even for a dev<br>
>> situation like this just run the whole platter of checkers? Or, did you<br>
>> just mean for a general usage scenario where someone isn't adding new<br>
>> checkers etc.?<br>
>><br>
>> I just ended up using --analyze because the scan-build command I could<br>
>> figure out was somewhat more verbose, needing --use-analyzer=... etc.;<br>
>> but,<br>
>> I was mostly fumbling around trying to get it to work, so I'm sure I'm<br>
>> missing a bunch of different things.<br>
>><br>
>> Thanks again.<br>
>><br>
>> -Mike<br>
>><br>
>><br></div><div><div>
>> On Tue, Feb 25, 2014 at 11:00 AM, Ted Kremenek <<a href="mailto:kremenek@apple.com" target="_blank">kremenek@apple.com</a>><br>
>> wrote:<br>
>><br>
>> > Hi Michael,<br>
>> ><br>
>> > It's not recommended to run the low-level driver like this. You can<br>
>> just<br>
>> > use scan-build, for example:<br>
>> ><br>
>> > $ scan-build clang -c /tmp/main.c<br>
>> ><br>
>> > or more generally<br>
>> ><br>
>> > $ scan-build <compiler line><br>
>> ><br>
>> > You can also use:<br>
>> ><br>
>> > $ clang --analyze /tmp/main.c<br>
>><br>
>> ><br>
>> > directly. That's somewhat discouraged because the long-term idea is<br>
>> that<br>
>> > the static analyzer supports global analysis. The intention is that you<br>
>> > can declare a set of files to analyze and they get analyzed together,<br>
>> > whereas the latter line is clearly just analyzing a particular file<br>
>> using<br>
>> > clang.<br>
>> ><br>
>> > Cheers,<br>
>> > Ted<br>
>> ><br>
>> > On Feb 21, 2014, at 2:22 PM, Michael Katelman <<a href="mailto:katelman@gmail.com" target="_blank">katelman@gmail.com</a>><br>
>> wrote:<br>
>> ><br>
>> > > I was wondering if someone might be able to help me with cleanly<br>
>> > invoking a single analyzer from the static analysis tools.<br>
>> > ><br>
>> > > I am not sure what I need to do (or, should be doing instead) in a<br>
>> > situation like the one below where I've got a header like stdio.h<br>
>> included<br>
>> > (--analyze figures it out, but then it appears that I lose the ability<br>
>> to<br>
>> > apply a single checker) :<br>
>> > ><br>
>> > > % ./Debug+Asserts/bin/clang -cc1 -analyze<br>
>> > -analyzer-checker=core.DivideZero ./tmp/main.c<br>
>> > ><br>
>> > > ./tmp/main.c:1:10: fatal error: 'stdio.h' file not found<br>
>> > > #include <stdio.h><br>
>> > > ^<br>
>> > > 1 error generated.<br>
>> > ><br>
>> > > % cat ./tmp /main.c<br>
>> > ><br>
>> > > #include <stdio.h><br>
>> > ><br>
>> > > int main( int argc, char** argv){<br>
>> > > int x = 1;<br>
>> > > int y = 0;<br>
>> > ><br>
>> > > printf("%d\n", x / y);<br>
>> > ><br>
>> > > return 0;<br>
>> > > }<br>
>> > ><br>
>> > > Thanks!<br></div></div></blockquote></div></div></div></div></div></div>
</blockquote></div><br></div></div>
<br></div></div><div>_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
<br></div></blockquote></div><br></div>
</blockquote></div><br></div></div></div>