[cfe-dev] Need Help - Clang-Analyzer Issue

Ted Kremenek kremenek at apple.com
Fri Dec 23 22:57:08 PST 2011 

Hi Sowmya,

Before I mentioned more details, in short, the easiest way to analyze iOS projects is within Xcode.  If you wish to update the version of the static analyzer used by Xcode to use the one provided with the open source checker builds, you can use the set-xcode-analyzer script that is bundled with the tar file.

The more detailed answer is that scan-build is long in the tooth, and simply doesn't do a good job with interposing on xcodebuild (or really any build system).  scan-build was written more of a proof-of-concept, but has never really been made a production turn key solution for analyzing any arbitrary project with any build system.  Taking beyond the hack that it is into something that "just works" most of the time would be a great project for someone to tackle, but it would require a significant amount of work and the solution would potentially depend on the platform.

scan-build is just a Perl script.  It "interposes" on a build by setting CC and CCC to a fake compiler, called ccc-analyzer.  If everything works correctly (which it doesn't always), the build system then uses ccc-analyzer for compiling C and C++ files.  When ccc-analyzer gets invoked, it first invokes the real compiler and then invokes clang for static analysis.

The trick is that ccc-analyzer doesn't know the "real compiler"; it just guesses that it is "gcc" in your path.  If this isn't correct, then the whole thing doesn't work.  You can tell scan-build to use a different compiler than just the gcc in your path by using the --use-cc and --use-cxx flags respectively, but it is rather ugly and hard to use for most users.  For iOS projects, you will need to do this, especially when compiling for the device, since the device compiler resides at a specific place in the Xcode installation.

The upshot is that unless you really need to generate HTML output, the best way to analyze Xcode projects is from within Xcode itself. 

Cheers,
Ted

On Dec 19, 2011, at 2:17 AM, Sowmya Gaddipati wrote:

> Hi Team,
> 
> I am using the clang-static analyzer to know all the technical defects in my iOS Application.
> 
> While Using scan-build, it was suppressing some bugs in the console itself without generating them in the HTML report.
> 
> So, If I use the BUILD AND ANALYZE option of the xcode, I am getting 103 bugs where as through scan-build, I am getting just 36 bugs.
> 
> A lot of mismatch is there.
> 
> The XCode version I'm currently using is XCode 4.2 and the command using is 
> 
> "scan-build -k -o /Desktop/Reports xcodebuild clean build -configuration Debug -sdk iphonesimulator5.0".
> 
> Struggling with this from many days. Hope u will help ASAP.
> 
> 
> Thanks and Regards,
> Sowmya Gaddipati.
> 
> 
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list