| andybons | 3322f76 | 2015-08-24 21:37:09 | [diff] [blame^] | 1 | See the [official clang static analyzer page](http://clang-analyzer.llvm.org/) for background. |
| 2 | |
| 3 | We don't run this regularly (because the analyzer's [support for C++ isn't great yet](http://clang-analyzer.llvm.org/dev_cxx.html)), so everything on this page is likely broken. The last time I checked, the analyzer reported mostly uninteresting things. This assumes you're [building chromium with clang](Clang.md). |
| 4 | |
| 5 | You need an llvm checkout to get `scan-build` and `scan-view`; the easiest way to get that is to run |
| 6 | ``` |
| 7 | tools/clang/scripts/update.sh --force-local-build --without-android |
| 8 | ``` |
| 9 | |
| 10 | ## With make |
| 11 | |
| 12 | To build base, if you use the make build: |
| 13 | |
| 14 | ``` |
| 15 | builddir_name=out_analyze \ |
| 16 | PATH=$PWD/third_party/llvm-build/Release+Asserts/bin:$PATH \ |
| 17 | third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
| 18 | --keep-going --use-cc clang --use-c++ clang++ \ |
| 19 | make -j8 base |
| 20 | ``` |
| 21 | |
| 22 | (`builddir_name` is set to force a clobber build.) |
| 23 | |
| 24 | Once that's done, run `third_party/llvm/tools/clang/tools/scan-view/scan-view` to see the results; pass in the pass that `scan-build` outputs. |
| 25 | |
| 26 | ## With ninja |
| 27 | |
| 28 | scan-build does its stuff by mucking with $CC/$CXX, which ninja ignores. gyp does look at $CC/$CXX however, so you need to first run gyp\_chromium under scan-build: |
| 29 | ``` |
| 30 | time GYP_GENERATORS=ninja \ |
| 31 | GYP_DEFINES='component=shared_library clang_use_chrome_plugins=0 mac_strip_release=0 dcheck_always_on=1' \ |
| 32 | third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
| 33 | --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \ |
| 34 | build/gyp_chromium -Goutput_dir=out_analyze |
| 35 | ``` |
| 36 | You then need to run the build under scan-build too, to get a HTML report: |
| 37 | ``` |
| 38 | time third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
| 39 | --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \ |
| 40 | ninja -C out_analyze/Release/ base |
| 41 | ``` |
| 42 | Then run `scan-view` as described above. |
| 43 | |
| 44 | ## Known False Positives |
| 45 | |
| 46 | * http://llvm.org/bugs/show_bug.cgi?id=11425 |
| 47 | |
| 48 | ## Stuff found by the static analyzer |
| 49 | |
| 50 | * http://code.google.com/p/skia/issues/detail?id=399 |
| 51 | * http://code.google.com/p/skia/issues/detail?id=400 |
| 52 | * http://codereview.chromium.org/8308008/ |
| 53 | * http://codereview.chromium.org/8313008/ |
| 54 | * http://codereview.chromium.org/8308009/ |
| 55 | * http://codereview.chromium.org/10031018/ |
| 56 | * https://codereview.chromium.org/12390058/ |
