See the [official clang static analyzer page](http://clang-analyzer.llvm.org/) for background.

We don't run this regularly (because the analyzer's [support for C++ isn't great yet](http://clang-analyzer.llvm.org/dev_cxx.html)), so everything on this page is likely broken. The last time I checked, the analyzer reported mostly uninteresting things. This assumes you're [building chromium with clang](Clang.md).

You need an llvm checkout to get `scan-build` and `scan-view`; the easiest way to get that is to run:
```
tools/clang/scripts/update.sh --force-local-build --without-android
```

## With make

To build base, if you use the make build:

```
builddir_name=out_analyze \
PATH=$PWD/third_party/llvm-build/Release+Asserts/bin:$PATH \
third_party/llvm/tools/clang/tools/scan-build/scan-build \
    --keep-going --use-cc clang --use-c++ clang++ \
    make -j8 base
```

(`builddir_name` is set to force a clobber build.)

Once that's done, run `third_party/llvm/tools/clang/tools/scan-view/scan-view` to see the results; pass in the path that `scan-build` outputs.

## With ninja

scan-build does its stuff by mucking with $CC/$CXX, which ninja ignores. gyp does look at $CC/$CXX however, so you need to first run gyp\_chromium under scan-build:
```
time GYP_GENERATORS=ninja \
GYP_DEFINES='component=shared_library clang_use_chrome_plugins=0 mac_strip_release=0 dcheck_always_on=1' \
third_party/llvm/tools/clang/tools/scan-build/scan-build \
    --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \
    build/gyp_chromium -Goutput_dir=out_analyze
```
You then need to run the build under scan-build too, to get an HTML report:
```
time third_party/llvm/tools/clang/tools/scan-build/scan-build \
    --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \
    ninja -C out_analyze/Release/ base
```
Then run `scan-view` as described above.
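
To triage a run before opening `scan-view`, the report directory can be summarised from the command line. The script below is an added example, not part of the Chromium docs or of scan-build; it assumes the `<!-- BUGTYPE ... -->`, `<!-- BUGFILE ... -->` and `<!-- BUGLINE ... -->` metadata comments that scan-build writes into each `report-*.html`, and its function names and sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Chromium docs or scan-build itself.
# Assumption: each report-*.html carries scan-build's metadata comments,
# e.g. "<!-- BUGTYPE Dead assignment -->", BUGFILE and BUGLINE.

# meta FILE KEY -> value of the first "<!-- KEY value -->" line in FILE.
meta() {
    sed -n "s/^<!-- $2 \(.*\) -->\$/\1/p" "$1" | head -n 1
}

# list_reports DIR -> one "BUGTYPE<TAB>file:line" row per report, sorted.
list_reports() {
    for f in "$1"/report-*.html; do
        [ -f "$f" ] || continue    # glob matched nothing: no reports
        printf '%s\t%s:%s\n' "$(meta "$f" BUGTYPE)" \
            "$(meta "$f" BUGFILE)" "$(meta "$f" BUGLINE)"
    done | sort
}

# count_by_type DIR -> "COUNT<TAB>BUGTYPE" rows, most frequent type first.
count_by_type() {
    list_reports "$1" | cut -f1 | sort | uniq -c |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n "\t" $0 }' |
        sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# write_sample DIR -> constructed reports (metadata only) for the demo.
write_sample() {
    i=0
    while IFS='|' read -r type file line; do
        i=$((i + 1))
        printf '<!-- BUGTYPE %s -->\n<!-- BUGFILE %s -->\n<!-- BUGLINE %s -->\n' \
            "$type" "$file" "$line" > "$1/report-$i.html"
    done <<EOF
Dead assignment|/src/base/a.cc|10
Dereference of null pointer|/src/base/b.cc|42
Dead assignment|/src/base/c.cc|7
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
count_by_type "$demo_dir"    # per-type totals
list_reports "$demo_dir"     # every report with its source location
rm -rf "$demo_dir"
```

Point the two functions at the directory that `scan-build` prints at the end of its run instead of the demo directory.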

## Known False Positives

 * http://llvm.org/bugs/show_bug.cgi?id=11425

## Stuff found by the static analyzer

 * http://code.google.com/p/skia/issues/detail?id=399
 * http://code.google.com/p/skia/issues/detail?id=400
 * http://codereview.chromium.org/8308008/
 * http://codereview.chromium.org/8313008/
 * http://codereview.chromium.org/8308009/
 * http://codereview.chromium.org/10031018/
 * https://codereview.chromium.org/12390058/