Static Analysis with clang

In this lab, we will also get acquainted with the capabilities of the Clang Static Analyzer, which ships with the clang compiler.

Unpack the latest build for Mac OS X from here. (If you have your own Linux machine, installing the clang package suffices.)
In file libexec/ccc-analyzer, line 689, change the command /usr/bin/xcrun --show-sdk-path -sdk macosx to /usr/bin/xcode-select --print-path (to account for the older version of Xcode installed).
Put the bin subdirectory in your PATH: export PATH=/full/path/to/checker-278/bin:$PATH
You are now ready to run the analyzer.

Pick a suitable C/C++ project. You could try GNU findutils, e.g. the last 4.2 release, 4.2.33. Since many open source projects now use similar tools, if you pick a very recent version, many bugs/warnings may have been fixed.

Build the project using the Clang analyzer. Prefix scan-build to each of the usual build commands. For instance, instead of running ./configure; make, run scan-build ./configure; scan-build make (in the lab, you may have to set the include path explicitly: CPATH=/usr/include scan-build make).

When the build finishes, it prints the name of the directory containing the analysis reports. Use scan-view directoryname, or simply open index.html from that directory in your browser.

Examine the warnings, starting with the more serious ones and those with shorter execution paths. If the error is easily reachable, try to confirm it by running the code.
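Before running the analyzer on a whole project, it helps to check that scan-build is working on a file whose defects you already know. The following smoke test is an added example, not part of the lab page: it contains a deliberately defective function (a heap buffer leaked on an early-return path, and malloc's result used without a NULL check) next to its corrected form; compile it with scan-build clang -c smoke.c and the report should flag the first function and not the second. The file name smoke.c and the function names are assumptions.

```c
/* smoke.c: known-defect file for checking a scan-build setup (added example). */
#include <stdlib.h>
#include <string.h>

/* Deliberately defective: sums n integers through a heap copy.
 * The analyzer reports two path-sensitive problems here:
 *  - when n == 0 the function returns without freeing buf (memory leak);
 *  - buf is passed to memcpy without checking that malloc succeeded
 *    (possible NULL pointer argument).
 * Neither shows up as a compiler warning or at run time on the happy path. */
int copy_and_sum_buggy(const int *src, size_t n)
{
    int *buf = malloc(n * sizeof *buf);
    if (n == 0)
        return 0;                        /* BUG: buf leaked on this path */
    memcpy(buf, src, n * sizeof *buf);   /* BUG: buf may be NULL */
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += buf[i];
    free(buf);
    return total;
}

/* Corrected version: the early return happens before any allocation, and
 * allocation failure is reported to the caller (-1) instead of crashing. */
int copy_and_sum(const int *src, size_t n)
{
    if (n == 0)
        return 0;
    int *buf = malloc(n * sizeof *buf);
    if (buf == NULL)
        return -1;
    memcpy(buf, src, n * sizeof *buf);
    int total = 0;
    for (size_t i = 0; i < n; i++)
        total += buf[i];
    free(buf);
    return total;
}

int main(void)
{
    const int sample[] = {1, 2, 3, 4};   /* constructed input */
    /* Both versions agree on the happy path; only the analyzer sees the
     * difference, which is exactly what a static-analysis smoke test needs. */
    return copy_and_sum(sample, 4) == copy_and_sum_buggy(sample, 4) ? 0 : 1;
}
```

Once the report for this file shows the expected two warnings (and none for the corrected function), the same scan-build prefix can be applied to the project's own build commands.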


Marius Minea
Last modified: Tue Nov 1 9:25:00 EET 2016