[cfe-dev] cfe-dev Digest, Vol 80, Issue 117

Aitor San Juan aitor.sj at opendeusto.es
Thu Feb 27 00:21:33 PST 2014 

Michael,

You will see the complete command executed behind the scenes if you run
scan-build with the verbose option enabled (-v -v):

scan-build -v -v -enable-checker my_checker_name clang -c my_file.c

You may save the output to a file, get rid of the debug messages, save the
first lines, add #!/bin/bash at the beginning, and give it exec permissions
(chmod 755 your_script_name) to run it as a shell script. That's what I did.

However, the previous command seems to not effectively enable the checker
supplied at the command line. As I mentioned in my previous message, the
option "-enable-checker my_checker_name" to scan-build is internally passed
as '-analyzer-checker' 'my_checker_name'. If you inspect the full command
printed out by scan-build (when using -v -v), the default checkers are
enabled with the syntax '-analyzer-checker=core', and so on.

I tried passing '-analyzer-checker=my_checker_name' in the shell script,
but apparently nothing happens.

So I don't know how to enable my custom checker, which, according to the
manual, is disabled by default.

Could anybody shed some light on this?
Many thanks.
Aitor.


> Date: Wed, 26 Feb 2014 13:04:24 -0800
> From: Michael Katelman <katelman at gmail.com>
> To: "cfe-dev at cs.uiuc.edu" <cfe-dev at cs.uiuc.edu>
> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the
>         static analysis tools.
> Message-ID:
>         <
> CAAn2fBDsqM_x2wxbb7O+4OKA_9q4+uOKAOX5CTaL8na7B9yhEw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I've gone down a similar road within the last couple of days. I'm not sure
> I'll be able to solve your problem -- I'm just familiarizing myself with
> the tools and code myself -- but I did get what you're talking about to
> work for the simple checker that I made. Would you mind posting the
> entirety of the shell script you made?
>
>
> On Wed, Feb 26, 2014 at 11:05 AM, Aitor San Juan <aitor.sj at opendeusto.es
> >wrote:
>
> > Hello,
> >
> > I have developed a simple checker, just to become familiar with Clang's
> > Checker API. I have sucessfully compiled it and installed in package
> > alpha.security. For the sake of understanding and tracing the execution
> > flow of the checker, I have added some "debug" lines like the following
> > (I'm aware this is discouraged):
> >
> > llvm::outs() << "BEGIN: checkPreStmt" << "\n";
> >
> > I run scan-build or clang --analyze, as suggested in previous answers,
> but
> > I don't see the messages printed out. The commands I'm running are:
> >
> > (1) clang --analyze my_file.c
> >
> > (2) scan-build clang -c my_file.c
> >
> > Reading the manual, I understand that the reason is that "my" checker is
> > not enabled by default, only a few.
> >
> > So I tried the following command to enable it:
> >
> > (3) scan-build -enable-checker alpha.security.DCL41C clang -c my_file.c
> >
> > but again my "debugging" messages don't appear in the standard output. So
> > enabling verbose info with "-v -v" in command (3), I can see the complete
> > command line run behind the scenes, and scan-build is passing:
> >
> > '-analyzer-checker' 'alpha.security.DCL41C'
> >
> > but I've remarked that the checkers enabled by default are being enabled
> > like this:
> >
> >  '-analyzer-checker=core' '-analyzer-checker=unix'
> > '-analyzer-checker=deadcode'
> > '-analyzer-checker=security.insecureAPI.UncheckedReturn'
> >
> > So I saved the complete command lie to a shell script, and changed the
> > options '-analyzer-checker' 'alpha.security.DCL41C' to
> > '-analyzer-checker=alpha.security.DCL41C'
> >
> > The same problem: I don't see the messages of llvm:outs, so I don't
> > whether my checker is being called, or the output of llvm::outs is going
> to
> > some other place I don't know.
> >
> > My Clang version is a build that dates back to late Dec. 2013. I hope
> it's
> > not a bug :-(
> >
> > clang version 3.5 (trunk 197976) (llvm/trunk 197973)
> > Target: x86_64-unknown-linux-gnu
> > Thread model: posix
> >
> > Any help would he highly appreciated
> >
> > Date: Tue, 25 Feb 2014 11:37:17 -0800
> >
> >> From: Michael Katelman <katelman at gmail.com>
> >> To: Ted Kremenek <kremenek at apple.com>
> >> Cc: cfe-dev at cs.uiuc.edu
> >> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the
> >>         static analysis tools.
> >> Message-ID:
> >>         <
> >> CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ at mail.gmail.com>
> >> Content-Type: text/plain; charset="iso-8859-1"
> >>
> >>
> >> Hi Ted,
> >>
> >> Thanks for the help! I actually have a follow-up question, though. This
> >> question came up because I was toying around with developing my own
> simple
> >> checker and wanted to test it out. My first inclination was to do this
> in
> >> isolation from the other checkers which is why I attempted the
> invocation
> >> from my original post, but perhaps you're saying that even for a dev
> >> situation like this just run the whole platter of checkers? Or, did you
> >> just mean for a general usage scenario where someone isn't adding new
> >> checkers etc.?
> >>
> >> I just ended up using --analyze because the scan-build command I could
> >> figure out was somewhat more verbose, needing --use-analyzer=... etc.;
> >> but,
> >> I was mostly fumbling around trying to get it to work, so I'm sure I'm
> >> missing a bunch of different things.
> >>
> >> Thanks again.
> >>
> >> -Mike
> >>
> >>
> >> On Tue, Feb 25, 2014 at 11:00 AM, Ted Kremenek <kremenek at apple.com>
> >> wrote:
> >>
> >> > Hi Michael,
> >> >
> >> > It's not recommended to run the low-level driver like this.  You can
> >> just
> >> > use scan-build, for example:
> >> >
> >> >   $ scan-build clang -c /tmp/main.c
> >> >
> >> > or more generally
> >> >
> >> >   $ scan-build <compiler line>
> >> >
> >> > You can also use:
> >> >
> >> >   $ clang --analyze /tmp/main.c
> >>
> >> >
> >> > directly.  That's somewhat discouraged because the long-term idea is
> >> that
> >> > the static analyzer supports global analysis.  The intention is that
> you
> >> > can declare a set of files to analyze and they get analyzed together,
> >> > whereas the latter line is clearly just analyzing a particular file
> >> using
> >> > clang.
> >> >
> >> > Cheers,
> >> > Ted
> >> >
> >> > On Feb 21, 2014, at 2:22 PM, Michael Katelman <katelman at gmail.com>
> >> wrote:
> >> >
> >> > > I was wondering if someone might be able to help me with cleanly
> >> > invoking a single analyzer from the static analysis tools.
> >> > >
> >> > > I am not sure what I need to do (or, should be doing instead) in a
> >> > situation like the one below where I've got a header like stdio.h
> >> included
> >> > (--analyze figures it out, but then it appears that I lose the ability
> >> to
> >> > apply a single checker) :
> >> > >
> >> > > %  ./Debug+Asserts/bin/clang -cc1 -analyze
> >> > -analyzer-checker=core.DivideZero ./tmp/main.c
> >> > >
> >> > > ./tmp/main.c:1:10: fatal error: 'stdio.h' file not found
> >> > > #include <stdio.h>
> >> > >          ^
> >> > > 1 error generated.
> >> > >
> >> > >  % cat ./tmp /main.c
> >> > >
> >> > > #include <stdio.h>
> >> > >
> >> > > int main( int argc, char** argv){
> >> > >   int x = 1;
> >> > >   int y = 0;
> >> > >
> >> > >   printf("%d\n", x / y);
> >> > >
> >> > >   return  0;
> >> > > }
> >> > >
> >> > > Thanks!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140227/1d475e8b/attachment.html>

More information about the cfe-dev mailing list