[cfe-dev] CFRefCount Problem #1: Receiver Aliasing

Robert Purves listrp at gmail.com
Thu Aug 25 18:38:54 PDT 2011


> I wrote:
>> I am confused between --analyze and scan-build. Both claim to be The Static Analyzer but they differ non-trivially in packaging, ease of use, fit to our workflow, and presentation of marvellously OTT annotated source. Do they, at least in principle, find the same set of issues?

Anna Zaks wrote:
They do find the same set of issues. 

Ted Kremenek wrote:
> scan-build is meant to be a shrink-wrapped, mostly stable way of analyzing a project.  --analyze was a hook added to originally allow Xcode to drive the static analyzer from the IDE, but others have taken to using it.  It is really a non-stable interface that has never been publicly documented,

Except for this somewhat public mention.
$ clang --help
OVERVIEW: clang "gcc-compatible" driver

USAGE: clang [options] <inputs>

OPTIONS:
  -###                    Print the commands to run for this compilation
  --analyze               Run the static analyzer
[...]

> and I discourage its direct usage unless you really know what you are doing.  The reason it is discouraged is because over time we will be evolving how the analyzer handles multiple files.  Currently the analyzer analyses each file separately, but we'd like to move to a place where it can analyze multiple files together and pool the information garnered from doing so.  The --analyze model inherently sits in the "analyze each file separately" workflow, whereas using scan-build marginalizes out such details.

I believe I understand now, thanks. The two forms of static analysis currently find the same set of issues, but will diverge in the future, for good reason.  

My apologies for hijacking this thread. Should have started a new one "Will the Real Static Analyzer please stand up?".
Robert P.




