[cfe-dev] analyzer: invoking a single analyzer from the static analysis tools.

Michael Katelman katelman at gmail.com
Thu Feb 27 16:31:48 PST 2014


This doesn't have the same issue that I encountered. As far as I can tell
it should do what you expect, but that's not saying much.


On Thu, Feb 27, 2014 at 10:37 AM, Aitor San Juan <aitor.sj at opendeusto.es>wrote:

> Ok, no worries. I've pasted the content of the "custom" shell script.
>
> The option marked (*) is what I added to enable my checker, but it seems
> to have no effect. I'm racking my brains to work it out. No successful
> result for the time being, though.
>
> Here you are. I hope it helps.
>
> #!/bin/bash
> /usr/local/src/build/Release+Asserts/bin/clang '-cc1' \
>     '-triple' 'x86_64-unknown-linux-gnu' \
>     '-analyze' \
>     '-disable-free' \
>     '-main-file-name' 'dcl41c_03_bad.c' \
>     '-analyzer-store=region' \
>     '-analyzer-opt-analyze-nested-blocks' \
>     '-analyzer-eagerly-assume' \
>     '-analyzer-checker=core' \
>     '-analyzer-checker=unix' \
>     '-analyzer-checker=deadcode' \
>     '-analyzer-checker=security.insecureAPI.UncheckedReturn' \
>     '-analyzer-checker=security.insecureAPI.getpw' \
>     '-analyzer-checker=security.insecureAPI.gets' \
>     '-analyzer-checker=security.insecureAPI.mktemp' \
>     '-analyzer-checker=security.insecureAPI.mkstemp' \
>     '-analyzer-checker=security.insecureAPI.vfork' \
>     '-analyzer-output' 'plist' '-w' \
>     '-mrelocation-model' 'static' \
>     '-mdisable-fp-elim' '-fmath-errno' \
>     '-masm-verbose' \
>     '-mconstructor-aliases' '-munwind-tables' \
>     '-target-cpu' 'x86-64' \
>     '-target-linker-version' '2.22' \
>     '-resource-dir'
> '/usr/local/src/build/Release+Asserts/bin/../lib/clang/3.5' \
>     '-internal-isystem' '/usr/local/include' \
>     '-internal-isystem'
> '/usr/local/src/build/Release+Asserts/bin/../lib/clang/3.5/include' \
>     '-internal-externc-isystem' '/usr/include/x86_64-linux-gnu' \
>     '-internal-externc-isystem' '/include' \
>     '-internal-externc-isystem' '/usr/include' \
>     '-fdebug-compilation-dir' '/home/user1/src' \
>     '-ferror-limit' '19' '-fmessage-length' '0' \
>     '-mstackrealign' \
>     '-fobjc-runtime=gcc' '-fdiagnostics-show-option' \
>     '-vectorize-slp' \
>     '-analyzer-display-progress' \
> (*) '-analyzer-checker=alpha.security.DCL41C' \
>     '-analyzer-output=html' \
>     '-o' '/tmp/scan-build-2014-02-26-4' \
>     '-x' 'c' 'dcl41c_03_bad.c'
>
>
> 2014-02-27 19:12 GMT+01:00 Michael Katelman <katelman at gmail.com>:
>
> Aitor,
>>
>> I think something got lost in my message. I understand the process that
>> you're talking about, but when I did it I needed to manually modify the
>> resulting bash script that was emitted; that's why I was asking about you
>> posting the full clang command (so I could see if you had made similar
>> changes to what I had). I did this through clang originally with -###, so
>> perhaps some of the edits aren't necessary since you used scan-build, but
>> one thing I'm wondering about is if the command that you're ultimately
>> running invokes the system installed clang or your locally built one, as I
>> needed to use -use-analyzer=... when invoking scan-build.
>>
>>
>> On Thu, Feb 27, 2014 at 4:03 AM, Aitor San Juan <aitor.sj at opendeusto.es>wrote:
>>
>>> Michael,
>>>>
>>>> You will see the complete command executed behind the scenes if you run
>>>> scan-build with the verbose option enabled (-v -v):
>>>>
>>>> scan-build -v -v -enable-checker my_checker_name clang -c my_file.c
>>>>
>>>> You may save the output to a file, get rid of the debug messages, save
>>>> the first lines, add #!/bin/bash at the beginning, and give it exec
>>>> permissions (chmod 755 your_script_name) to run it as a shell script.
>>>> That's what I did.
>>>>
>>>> However, the previous command seems to not effectively enable the
>>>> checker supplied at the command line. As I mentioned in my previous
>>>> message, the option "-enable-checker my_checker_name" to scan-build is
>>>> internally passed as '-analyzer-checker' 'my_checker_name'. If you inspect
>>>> the full command printed out by scan-build (when using -v -v), the default
>>>> checkers are enabled with the syntax '-analyzer-checker=core', and so on.
>>>>
>>>> I tried passing '-analyzer-checker=my_checker_name' in the shell
>>>> script, but apparently nothing happens.
>>>>
>>>> So I don't know how to enable my custom checker, which, according to
>>>> the manual, is disabled by default.
>>>>
>>>> Could anybody shed some light on this?
>>>> Many thanks.
>>>> Aitor.
>>>>
>>>>
>>>>> Date: Wed, 26 Feb 2014 13:04:24 -0800
>>>>> From: Michael Katelman <katelman at gmail.com>
>>>>> To: "cfe-dev at cs.uiuc.edu" <cfe-dev at cs.uiuc.edu>
>>>>>
>>>>> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the
>>>>>         static analysis tools.
>>>>> Message-ID:
>>>>>         <
>>>>> CAAn2fBDsqM_x2wxbb7O+4OKA_9q4+uOKAOX5CTaL8na7B9yhEw at mail.gmail.com>
>>>>> Content-Type: text/plain; charset="iso-8859-1"
>>>>>
>>>>>
>>>>> I've gone down a similar road within the last couple of days. I'm not
>>>>> sure
>>>>> I'll be able to solve your problem -- I'm just familiarizing myself
>>>>> with
>>>>> the tools and code myself -- but I did get what you're talking about to
>>>>> work for the simple checker that I made. Would you mind posting the
>>>>> entirety of the shell script you made?
>>>>>
>>>>>
>>>>> On Wed, Feb 26, 2014 at 11:05 AM, Aitor San Juan <
>>>>> aitor.sj at opendeusto.es>wrote:
>>>>>
>>>>> > Hello,
>>>>> >
>>>>> > I have developed a simple checker, just to become familiar with
>>>>> Clang's
>>>>> > Checker API. I have sucessfully compiled it and installed in package
>>>>> > alpha.security. For the sake of understanding and tracing the
>>>>> execution
>>>>> > flow of the checker, I have added some "debug" lines like the
>>>>> following
>>>>> > (I'm aware this is discouraged):
>>>>> >
>>>>> > llvm::outs() << "BEGIN: checkPreStmt" << "\n";
>>>>> >
>>>>> > I run scan-build or clang --analyze, as suggested in previous
>>>>> answers, but
>>>>> > I don't see the messages printed out. The commands I'm running are:
>>>>> >
>>>>> > (1) clang --analyze my_file.c
>>>>> >
>>>>> > (2) scan-build clang -c my_file.c
>>>>> >
>>>>> > Reading the manual, I understand that the reason is that "my"
>>>>> checker is
>>>>> > not enabled by default, only a few.
>>>>> >
>>>>> > So I tried the following command to enable it:
>>>>> >
>>>>> > (3) scan-build -enable-checker alpha.security.DCL41C clang -c
>>>>> my_file.c
>>>>> >
>>>>> > but again my "debugging" messages don't appear in the standard
>>>>> output. So
>>>>> > enabling verbose info with "-v -v" in command (3), I can see the
>>>>> complete
>>>>> > command line run behind the scenes, and scan-build is passing:
>>>>> >
>>>>> > '-analyzer-checker' 'alpha.security.DCL41C'
>>>>> >
>>>>> > but I've remarked that the checkers enabled by default are being
>>>>> enabled
>>>>> > like this:
>>>>> >
>>>>> >  '-analyzer-checker=core' '-analyzer-checker=unix'
>>>>> > '-analyzer-checker=deadcode'
>>>>> > '-analyzer-checker=security.insecureAPI.UncheckedReturn'
>>>>> >
>>>>> > So I saved the complete command lie to a shell script, and changed
>>>>> the
>>>>> > options '-analyzer-checker' 'alpha.security.DCL41C' to
>>>>> > '-analyzer-checker=alpha.security.DCL41C'
>>>>> >
>>>>> > The same problem: I don't see the messages of llvm:outs, so I don't
>>>>> > whether my checker is being called, or the output of llvm::outs is
>>>>> going to
>>>>> > some other place I don't know.
>>>>> >
>>>>> > My Clang version is a build that dates back to late Dec. 2013. I
>>>>> hope it's
>>>>> > not a bug :-(
>>>>> >
>>>>> > clang version 3.5 (trunk 197976) (llvm/trunk 197973)
>>>>> > Target: x86_64-unknown-linux-gnu
>>>>> > Thread model: posix
>>>>> >
>>>>> > Any help would he highly appreciated
>>>>> >
>>>>> > Date: Tue, 25 Feb 2014 11:37:17 -0800
>>>>> >
>>>>> >> From: Michael Katelman <katelman at gmail.com>
>>>>> >> To: Ted Kremenek <kremenek at apple.com>
>>>>> >> Cc: cfe-dev at cs.uiuc.edu
>>>>> >> Subject: Re: [cfe-dev] analyzer: invoking a single analyzer from the
>>>>> >>         static analysis tools.
>>>>> >> Message-ID:
>>>>> >>         <
>>>>> >> CAAn2fBCGH69fAWP_kXGpwpqjAykj29ps9RfcPbNi9e4foqqKuQ at mail.gmail.com>
>>>>> >> Content-Type: text/plain; charset="iso-8859-1"
>>>>> >>
>>>>> >>
>>>>> >> Hi Ted,
>>>>> >>
>>>>> >> Thanks for the help! I actually have a follow-up question, though.
>>>>> This
>>>>> >> question came up because I was toying around with developing my own
>>>>> simple
>>>>> >> checker and wanted to test it out. My first inclination was to do
>>>>> this in
>>>>> >> isolation from the other checkers which is why I attempted the
>>>>> invocation
>>>>> >> from my original post, but perhaps you're saying that even for a dev
>>>>> >> situation like this just run the whole platter of checkers? Or, did
>>>>> you
>>>>> >> just mean for a general usage scenario where someone isn't adding
>>>>> new
>>>>> >> checkers etc.?
>>>>> >>
>>>>> >> I just ended up using --analyze because the scan-build command I
>>>>> could
>>>>> >> figure out was somewhat more verbose, needing --use-analyzer=...
>>>>> etc.;
>>>>> >> but,
>>>>> >> I was mostly fumbling around trying to get it to work, so I'm sure
>>>>> I'm
>>>>> >> missing a bunch of different things.
>>>>> >>
>>>>> >> Thanks again.
>>>>> >>
>>>>> >> -Mike
>>>>> >>
>>>>> >>
>>>>> >> On Tue, Feb 25, 2014 at 11:00 AM, Ted Kremenek <kremenek at apple.com>
>>>>> >> wrote:
>>>>> >>
>>>>> >> > Hi Michael,
>>>>> >> >
>>>>> >> > It's not recommended to run the low-level driver like this.  You
>>>>> can
>>>>> >> just
>>>>> >> > use scan-build, for example:
>>>>> >> >
>>>>> >> >   $ scan-build clang -c /tmp/main.c
>>>>> >> >
>>>>> >> > or more generally
>>>>> >> >
>>>>> >> >   $ scan-build <compiler line>
>>>>> >> >
>>>>> >> > You can also use:
>>>>> >> >
>>>>> >> >   $ clang --analyze /tmp/main.c
>>>>> >>
>>>>> >> >
>>>>> >> > directly.  That's somewhat discouraged because the long-term idea
>>>>> is
>>>>> >> that
>>>>> >> > the static analyzer supports global analysis.  The intention is
>>>>> that you
>>>>> >> > can declare a set of files to analyze and they get analyzed
>>>>> together,
>>>>> >> > whereas the latter line is clearly just analyzing a particular
>>>>> file
>>>>> >> using
>>>>> >> > clang.
>>>>> >> >
>>>>> >> > Cheers,
>>>>> >> > Ted
>>>>> >> >
>>>>> >> > On Feb 21, 2014, at 2:22 PM, Michael Katelman <katelman at gmail.com
>>>>> >
>>>>> >> wrote:
>>>>> >> >
>>>>> >> > > I was wondering if someone might be able to help me with cleanly
>>>>> >> > invoking a single analyzer from the static analysis tools.
>>>>> >> > >
>>>>> >> > > I am not sure what I need to do (or, should be doing instead)
>>>>> in a
>>>>> >> > situation like the one below where I've got a header like stdio.h
>>>>> >> included
>>>>> >> > (--analyze figures it out, but then it appears that I lose the
>>>>> ability
>>>>> >> to
>>>>> >> > apply a single checker) :
>>>>> >> > >
>>>>> >> > > %  ./Debug+Asserts/bin/clang -cc1 -analyze
>>>>> >> > -analyzer-checker=core.DivideZero ./tmp/main.c
>>>>> >> > >
>>>>> >> > > ./tmp/main.c:1:10: fatal error: 'stdio.h' file not found
>>>>> >> > > #include <stdio.h>
>>>>> >> > >          ^
>>>>> >> > > 1 error generated.
>>>>> >> > >
>>>>> >> > >  % cat ./tmp /main.c
>>>>> >> > >
>>>>> >> > > #include <stdio.h>
>>>>> >> > >
>>>>> >> > > int main( int argc, char** argv){
>>>>> >> > >   int x = 1;
>>>>> >> > >   int y = 0;
>>>>> >> > >
>>>>> >> > >   printf("%d\n", x / y);
>>>>> >> > >
>>>>> >> > >   return  0;
>>>>> >> > > }
>>>>> >> > >
>>>>> >> > > Thanks!
>>>>>
>>>>
>>>
>>> _______________________________________________
>>> cfe-dev mailing list
>>> cfe-dev at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20140227/1c8e5b7d/attachment.html>


More information about the cfe-dev mailing list