[cfe-dev] Learning how to use and deploy 'scan-build'

Anna Zaks via cfe-dev cfe-dev at lists.llvm.org
Sat Nov 12 11:53:57 PST 2016


Please, use the examples I provided in the previous email. The analyzer tries to avoid reporting the issues that can be found by the compiler.

Annas-MBP-3:compiler-rt anna$ clang --analyze ~/tmp/ex.c
/Users/anna/tmp/ex.c:6:11: warning: Division by zero
  return 5/x + 5/0;
         ~^~
1 warning generated.
Annas-MBP-3:compiler-rt anna$ clang -fsyntax-only ~/tmp/ex.c
/Users/anna/tmp/ex.c:6:17: warning: division by zero is undefined [-Wdivision-by-zero]
  return 5/x + 5/0;
                ^~
1 warning generated.

> On Nov 12, 2016, at 11:19 AM, Martin J. O'Riordan <martin.oriordan at movidius.com> wrote:
> 
> Typo:
>  
> and invoked ‘scan-build’ as follows:
>  
> scan-build --use-cc clang --use-c++ clang++ -v -v -v -o check make build
>  
> From: Martin J. O'Riordan [mailto:martin.oriordan at movidius.com]
> Sent: 12 November 2016 19:18
> To: 'ganna at apple.com' <ganna at apple.com>
> Cc: 'Aleksei Sidorin' <a.sidorin at samsung.com>; 'cfe-dev' <cfe-dev at lists.llvm.org>
> Subject: RE: [cfe-dev] Learning how to use and deploy 'scan-build'
>  
> I changed my test case to just:
>  
> int main () {
>   int zero = 0;
>   return 5 / 0;
> }
>  
> and invoked ‘scan-build’ as follows:
>  
> scan-build --use-cc clang --use-c++ = clang++ -v -v -v -o check make build
>  
> and this causes a warning from the compiler:
>  
> ANALYZE (Syntax): testScanBuild.cpp main
> ANALYZE (Path,  Inline_Regular): testScanBuild.cpp main
> testScanBuild.cpp:350:12: warning: Division by zero
>   return 5 / zero;
>          ~~^~~~~~
> 1 warning generated.
>  
> But I still get the message stating:
>  
> scan-build: Removing directory '<test-cygpath>/ScanBuild/check/2016-11-12-190818-7508-1' because it contains no reports.
> scan-build: No bugs found.
>  
> Omitting the ‘-enable-checker’ option enables the following checkers (by default):
>  
>     -analyzer-store=region
>     -analyzer-opt-analyze-nested-blocks
>     -analyzer-eagerly-assume
>     -analyzer-checker=core
>     -analyzer-checker=unix
>     -analyzer-checker=deadcode
>     -analyzer-checker=cplusplus
>     -analyzer-checker=security.insecureAPI.UncheckedReturn
>     -analyzer-checker=security.insecureAPI.getpw
>     -analyzer-checker=security.insecureAPI.gets
>     -analyzer-checker=security.insecureAPI.mktemp
>     -analyzer-checker=security.insecureAPI.mkstemp
>     -analyzer-checker=security.insecureAPI.vfork
>     -analyzer-checker=nullability.NullPassedToNonnull
>     -analyzer-checker=nullability.NullReturnedFromNonnull
>  
> This is strange, because the compiler clearly detects the issue and warns, but I am not getting a report, so something else must be broken in my configuration.  I have not altered any of the Perl scripts.
>  
> I get the same results running on Linux (CentOS 7).
>  
>             MartinO
>  
> From: ganna at apple.com [mailto:ganna at apple.com]
> Sent: 12 November 2016 18:19
> To: Martin.ORiordan at Movidius.com
> Cc: Aleksei Sidorin <a.sidorin at samsung.com>; cfe-dev <cfe-dev at lists.llvm.org>
> Subject: Re: [cfe-dev] Learning how to use and deploy 'scan-build'
>  
> I recommend not limiting the analysis to these 2 packages unless you see that the other packages turned on by default report false positives on your codebase.
> 
> The checkers you’ve enabled will not find this bug. Try testing with division by zero or null pointer dereference:
>  
> int x = 0;
> return 5/x;
>  
> or 
>  
> int *x = 0;
> *x = 5;
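
The split shown in the terminal session above (the analyzer reports `5/x`, the compiler reports `5/0`) can be turned into a small input file for checking that an analyzer run produces reports. This is an added example, not code from the thread or from the Clang project; the function names and the `SHOW_COMPILER_CASE` macro are hypothetical, and the defects are deliberate.

```c
/* Added example: input for checking that `clang --analyze` / scan-build
 * produces reports. Function names are hypothetical; the two defects in
 * ratio() and first() are deliberate. */
#include <stddef.h>

/* Path-sensitive division by zero: on the d == 0 path the divisor is
 * known to be zero when the division is reached. There is no constant
 * zero divisor, so the compiler's -Wdivision-by-zero does not apply. */
int ratio(int d) {
    int n = 100;
    if (d == 0)
        n = 0;            /* bug: falls through instead of returning */
    return n / d;
}

/* Path-sensitive null dereference: p is known to be null on the
 * p == NULL path, and is still dereferenced afterwards. */
int first(const int *p, int *was_null) {
    if (p == NULL)
        *was_null = 1;    /* bug: records the condition but keeps going */
    return *p;
}

#ifdef SHOW_COMPILER_CASE
/* Constant zero divisor: the case the thread shows being reported by
 * `clang -fsyntax-only` and left alone by the analyzer. Guarded so the
 * file builds without warnings by default. */
int constant_case(void) {
    return 5 / 0;
}
#endif

/* Calls only the safe paths, so the program itself runs cleanly. */
int main(void) {
    int value = 7, flag = 0;
    return (ratio(4) == 25 && first(&value, &flag) == 7) ? 0 : 1;
}
```

Run `clang --analyze` on the file to see the two path-sensitive reports, and `clang -fsyntax-only -DSHOW_COMPILER_CASE` to see the compiler's own warning for the constant case.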
