[cfe-dev] Learning how to use and deploy 'scan-build'
Martin J. O'Riordan via cfe-dev
cfe-dev at lists.llvm.org
Sat Nov 12 11:19:30 PST 2016
Typo:
and invoked ‘scan-build’ as follows:
scan-build --use-cc clang --use-c++ clang++ -v -v -v -o check make build
From: Martin J. O'Riordan [mailto:martin.oriordan at movidius.com]
Sent: 12 November 2016 19:18
To: 'ganna at apple.com' <ganna at apple.com>
Cc: 'Aleksei Sidorin' <a.sidorin at samsung.com>; 'cfe-dev' <cfe-dev at lists.llvm.org>
Subject: RE: [cfe-dev] Learning how to use and deploy 'scan-build'
I changed my test case to just:
    int main () {
      int zero = 0;
      return 5 / 0;
    }
and invoked ‘scan-build’ as follows:
scan-build --use-cc clang --use-c++ = clang++ -v -v -v -o check make build
and this causes a warning from the compiler:
ANALYZE (Syntax): testScanBuild.cpp main
ANALYZE (Path, Inline_Regular): testScanBuild.cpp main
testScanBuild.cpp:350:12: warning: Division by zero
  return 5 / zero;
         ~~^~~~~~
1 warning generated.
But I still get the message stating:
scan-build: Removing directory '<test-cygpath>/ScanBuild/check/2016-11-12-190818-7508-1' because it contains no reports.
scan-build: No bugs found.
Omitting the ‘-enable-checker’ option enables the following checkers (by default):
-analyzer-store=region
-analyzer-opt-analyze-nested-blocks
-analyzer-eagerly-assume
-analyzer-checker=core
-analyzer-checker=unix
-analyzer-checker=deadcode
-analyzer-checker=cplusplus
-analyzer-checker=security.insecureAPI.UncheckedReturn
-analyzer-checker=security.insecureAPI.getpw
-analyzer-checker=security.insecureAPI.gets
-analyzer-checker=security.insecureAPI.mktemp
-analyzer-checker=security.insecureAPI.mkstemp
-analyzer-checker=security.insecureAPI.vfork
-analyzer-checker=nullability.NullPassedToNonnull
-analyzer-checker=nullability.NullReturnedFromNonnull
This is strange, because the compiler clearly detects the issue and warns, but I am not getting a report, so something else must be broken in my configuration. I have not altered any of the Perl scripts.
I get the same results running on Linux (CentOS 7).
MartinO
From: ganna at apple.com [mailto:ganna at apple.com]
Sent: 12 November 2016 18:19
To: Martin.ORiordan at Movidius.com
Cc: Aleksei Sidorin <a.sidorin at samsung.com>; cfe-dev <cfe-dev at lists.llvm.org>
Subject: Re: [cfe-dev] Learning how to use and deploy 'scan-build'
I recommend not limiting the analysis to these 2 packages unless you see that the other packages turned on by default report false positives on your codebase.
The checkers you’ve enabled will not find this bug. Try testing with division by zero or null pointer dereference:
    int x = 0;
    return 5/x;
or
    int *x = 0;
    *x = 5;