[cfe-dev] Help required to use clang analyzer

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Wed Mar 6 12:42:55 PST 2019 

That'd be an equivalent of stuffing an -analyzer-checker flag directly 
into the compilation database. In order to attach the flag to the Static 
Analyzer rather than to the compiler, there are special scan-build 
flags, eg.:

     scan-build -enable-checker alpha.security.taint.TaintPropagation 
clang -c test.cpp

On 3/5/19 7:59 AM, Kristóf Umann wrote:
> Hi!
>
> I never used scan-build before, I have to admit -- but it seems like 
> that it takes a compiler invocation as an argument, so you might as 
> well invoke it like this:
>
> scan-build clang test.cpp -c 
> -Xclang -analyzer-checker=alpha.security.taint.TaintPropagation
>
> The -c flag tells clang to only run the compilation, but not the code 
> generation steps. As I understand it.
>
> Cheers,
> Kristóf Umann
>
> Arnab Kumar Biswas via cfe-dev <cfe-dev at lists.llvm.org 
> <mailto:cfe-dev at lists.llvm.org>> ezt írta (időpont: 2019. márc. 5., K, 
> 2:21):
>
>     Hi,
>     I want to thank you for replying my question.
>
>     Actually I want to use the taint checker or modify it.
>
>     clang -cc1 -analyze
>     -analyzer-checker=alpha.security.taint.TaintPropagation test.c
>
>     But it produced the same error as I mentioned in my last question.
>
>     Please tell me the procedure to use a particular checker. I was
>     following the description as given in
>     http://clang-developers.42468.n3.nabble.com/Purpose-of-GenericTaintChecker-td4051900.html
>     and http://clang-analyzer.llvm.org/checker_dev_manual.html
>     <http://clang-analyzer.llvm.org/checker_dev_manual.html>.
>
>     I have tested the command "scan-build clang test.c" and it is
>     working correctly. But I am not really interested to create the
>     a.out and more interested to do the static analysis and get some
>     kind of report.
>
>
>
>     ------------------------------------------------------------------------
>     *From:* Artem Dergachev <noqnoqneo at gmail.com
>     <mailto:noqnoqneo at gmail.com>>
>     *Sent:* Tuesday, 5 March 2019 1:42 AM
>     *To:* Arnab Kumar Biswas; cfe-dev at lists.llvm.org
>     <mailto:cfe-dev at lists.llvm.org>
>     *Subject:* Re: [cfe-dev] Help required to use clang analyzer
>     Hi,
>
>     Using -cc1 disables the clang Driver. The Driver is responsible
>     for gcc
>     compatibility, which, apart from being able to translate gcc flags to
>     clang flags, adds support for finding system headers in places
>     where gcc
>     usually looks for them. There are other drivers, such as clang-cl
>     which
>     turns clang into a drop-in replacement for the Visual Studio's cl.exe.
>
>     Running without the driver is not recommended for everyday use,
>     only for
>     development of clang itself.
>
>     If you want to run the Static Analyzer on a single file, you can do
>
>          clang --analyze test.c
>
>     But even better, you should use the scan-build tool to analyze the
>     entire project, for example:
>
>          scan-build clang test.c
>
>     or
>
>          scan-build gcc test.c
>
>     or
>
>          scan-build make -j4
>
>     etc. See https://clang-analyzer.llvm.org/scan-build.html for more
>     details.
>
>
>     On 3/3/19 10:41 PM, Arnab Kumar Biswas via cfe-dev wrote:
>     > Hi,
>     > I am trying to use clang analyzer using the below command.
>     >
>     > clang -cc1 -analyze -analyzer-checker=alpha.core test.c
>     >
>     > I am getting the following error.
>     >
>     > test.c:1:10: fatal error: 'sys/stat.h' file not found
>     > #include <sys/stat.h>
>     >          ^~~~~~~~~~~~
>     > 1 error generated.
>     >
>     > If I use the command,
>     > clang test.c
>     > there is no error.
>     >
>     > Please help me to solve the error.
>     >
>     > Arnab
>     >
>     >
>     >
>     ------------------------------------------------------------------------
>     >
>     > Important: This email is confidential and may be privileged. If you
>     > are not the intended recipient, please delete it and notify us
>     > immediately; you should not copy or use it for any purpose, nor
>     > disclose its contents to any other person. Thank you.
>     >
>     > _______________________________________________
>     > cfe-dev mailing list
>     > cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>
>     > https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>
>
>     ------------------------------------------------------------------------
>
>     Important: This email is confidential and may be privileged. If
>     you are not the intended recipient, please delete it and notify us
>     immediately; you should not copy or use it for any purpose, nor
>     disclose its contents to any other person. Thank you.
>     _______________________________________________
>     cfe-dev mailing list
>     cfe-dev at lists.llvm.org <mailto:cfe-dev at lists.llvm.org>
>     https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20190306/0a14f44f/attachment.html>

More information about the cfe-dev mailing list