index.html revision 5a9bd1169347783112b1fb472a2d8a177529ba73
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
          "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
  <title>Clang Static Analyzer</title>
  <link type="text/css" rel="stylesheet" href="/content.css" />
  <link type="text/css" rel="stylesheet" href="/menu.css" />
  <link type="text/javascript" rel="javascript" href="/menu.css"/>
</head>
<body>

<!--#include virtual="menu.html.incl"-->

<div id="content">
<table style="margin-top:-10px; padding:5px" border=0>
<tr><td>
<h1>Clang Static Analyzer</h1>
<p>The Clang Static Analyzer consists of both a source code analysis framework
and a standalone tool that finds bugs in C and Objective-C programs.
The standalone tool is invoked from the command-line, and is intended to run in
tandem with a build of a project or code base.</p>

<p>Both are 100% open source and are part of the <a
href="http://clang.llvm.org">Clang</a> project.</p>

<!-- Generated from: http://www.spiffycorners.com/index.php -->

<style type="text/css">
.spiffy{display:block}
.spiffy *{
  display:block;
  height:1px;
  overflow:hidden;
  font-size:.01em;
  background:#EBF0FA}
.spiffy1{
  margin-left:3px;
  margin-right:3px;
  padding-left:1px;
  padding-right:1px;
  border-left:1px solid #f6f8fc;
  border-right:1px solid #f6f8fc;
  background:#f0f3fb}
.spiffy2{
  margin-left:1px;
  margin-right:1px;
  padding-right:1px;
  padding-left:1px;
  border-left:1px solid #fdfdfe;
  border-right:1px solid #fdfdfe;
  background:#eef2fa}
.spiffy3{
  margin-left:1px;
  margin-right:1px;
  border-left:1px solid #eef2fa;
  border-right:1px solid #eef2fa;}
.spiffy4{
  border-left:1px solid #f6f8fc;
  border-right:1px solid #f6f8fc}
.spiffy5{
  border-left:1px solid #f0f3fb;
  border-right:1px solid #f0f3fb}
.spiffyfg{
  background:#EBF0FA}

.spiffyfg h2 {
  margin:0px; padding:10px;
}
</style>

<style type="text/css">
  #left { float:left; }
  #left h2 { margin:1px; padding-top:0px; }
  #right { float:left; margin-left:20px; margin-right:20px; padding:0px ;}
  #right h2 { padding:0px; margin:0px; }
  #wrappedcontent { padding:15px;}
</style>

<div style="margin-left:25px; margin-right:25px; padding:0px; font-size: 80%">
 <b class="spiffy">
 <b class="spiffy1"><b></b></b>
 <b class="spiffy2"><b></b></b>
 <b class="spiffy3"></b>
 <b class="spiffy4"></b>
 <b class="spiffy5"></b></b>
 <div class="spiffyfg">
  <div style="padding:15px">
   <h2 style="padding:0px; margin:0px">Download</h2>
   <h3 style="margin-top:5px">Mac OS X</h3>
   <ul>
    <li>Latest build (Universal binary, 10.5+):
     <!--#include virtual="latest_checker.html.incl"-->
    </li>
    <li><a
href="/installation.html">Installation</a> and <a
     href="/scan-build.html">usage</a></li>
   </ul>
   <h3>Other Platforms</h3>
   <p>For other platforms, please follow the instructions for <a
   href="/installation#OtherPlatforms">building the analyzer</a> from
   source code.</p>
  </div>
 </div>
 <b class="spiffy">
 <b class="spiffy5"></b>
 <b class="spiffy4"></b>
 <b class="spiffy3"></b>
 <b class="spiffy2"><b></b></b>
 <b class="spiffy1"><b></b></b></b>
</div>

<h2 id="StaticAnalysis">What is Static Analysis?</h2>

<p>The term "static analysis" is conflated, but here we use it to mean
a collection of algorithms and techniques used to analyze source code in order
to automatically find bugs.
The idea is similar in spirit to compiler warnings
(which can be useful for finding coding errors) but takes that idea a step
further and finds bugs that are traditionally found using run-time debugging
techniques such as testing.</p>

<p>Static analysis bug-finding tools have evolved over the last several decades
from basic syntactic checkers to those that find deep bugs by reasoning about
the semantics of code. The goal of the Clang Static Analyzer is to provide an
industrial-quality static analysis framework for analyzing C and Objective-C
programs that is freely available, extensible, and has a high quality of
implementation.</p>

</td><td>
<a href="images/analyzer_xcode.png"><img src="images/analyzer_xcode.png" width="450px"></a>
<center><b>Viewing static analyzer results in Xcode 3.2</b></center>
<a href="images/analyzer_html.png"><img src="images/analyzer_html.png" width="450px"></a>
<center><b>Viewing static analyzer results in
a web browser</b></center>
</td></tr></table>

<h3 id="Clang">Part of Clang and LLVM</h3>

<p>As its name implies, the Clang Static Analyzer is built on top of <a
href="http://clang.llvm.org">Clang</a> and <a href="http://llvm.org">LLVM</a>.
Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of
reusable C++ libraries for building powerful source-level tools. The static
analysis engine used by the Clang Static Analyzer is a Clang library, and has
the capability to be reused in different contexts and by different clients.</p>

<h2>Important Points to Consider</h2>

<p>While we believe that the static analyzer is already very useful for finding
bugs, we ask you to bear in mind a few points when using it.</p>

<h3>Work-in-Progress</h3>

<p>The analyzer is a continuous work-in-progress.
There are many planned enhancements to improve both the precision and scope of
its analysis algorithms as well as the kinds of bugs it will find. While there are
fundamental limitations to what static analysis can do, we have a long way to go
before hitting that wall.</p>

<h3>Slower than Compilation</h3>

<p>Operationally, using static analysis to
automatically find deep program bugs is about trading CPU time for the hardening
of code. Because of the deep analysis performed by state-of-the-art static
analysis tools, static analysis can be much slower than compilation.</p>

<p>While the Clang Static Analyzer is being designed to be as fast and
light-weight as possible, please do not expect it to be as fast as compiling a
program (even with optimizations enabled).
Some of the algorithms needed to find
bugs require exponential time in the worst case.</p>

<p>The Clang Static Analyzer runs in a reasonable amount of time by both
bounding the amount of checking work it will do as well as using clever
algorithms to reduce the amount of work it must do to find bugs.</p>

<h3>False Positives</h3>

<p>Static analysis is not perfect. It can falsely flag bugs in a program where
the code behaves correctly. Because some code checks require more analysis
precision than others, the frequency of false positives can vary widely between
different checks. Our long-term goal is to have the analyzer have a low false
positive rate for most code on all checks.</p>

<p>Please help us in this endeavor by <a href="filing_bugs.html">reporting false
positives</a>.
False positives cannot be addressed unless we know about
them.</p>

<h3>More Checks</h3>

<p>Static analysis is not magic; a static analyzer can only find bugs that it
has been specifically engineered to find. If there are specific kinds of bugs
you would like the Clang Static Analyzer to find, please feel free to
file <a href="filing_bugs.html">feature requests</a> or contribute your own
patches.</p>

</div>
</body>
</html>
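
An added example for the "Slower than Compilation" section above, not code from the Clang project: a toy path-sensitive walk in C over a constructed model of n independent if/else statements, showing how the number of paths doubles with each branch and what a bound on checking work does. The model, the `analyze` function and the budget value are assumptions made for illustration and do not describe the analyzer's real algorithms.

```c
#include <stdio.h>

/* Toy model, constructed for illustration: a function body made of n
 * independent if/else statements. Taking branch null_at sets p = NULL;
 * taking the later branch deref_at dereferences p. */
struct model  { int n, null_at, deref_at; };
struct report { unsigned long states, paths; int bug_found, budget_hit; };

/* Depth-first, path-sensitive walk. budget == 0 means unbounded. */
static void walk(const struct model *m, int i, int p_is_null,
                 unsigned long budget, struct report *r)
{
    if (budget && r->states >= budget) {   /* work bound reached: give up */
        r->budget_hit = 1;
        return;
    }
    r->states++;
    if (i == m->n) {                       /* end of one complete path */
        r->paths++;
        return;
    }
    walk(m, i + 1, p_is_null, budget, r);  /* else side: no effect on p */
    if (r->budget_hit)
        return;
    if (i == m->deref_at && p_is_null)     /* then side dereferences p */
        r->bug_found = 1;
    walk(m, i + 1, p_is_null || i == m->null_at, budget, r);
}

/* Hypothetical entry point for this example: explore the whole model. */
struct report analyze(int n, int null_at, int deref_at, unsigned long budget)
{
    struct model m = { n, null_at, deref_at };
    struct report r = { 0, 0, 0, 0 };
    walk(&m, 0, 0, budget, &r);
    return r;
}

int main(void)
{
    for (int n = 4; n <= 16; n += 4)       /* each extra branch doubles paths */
        printf("n=%2d paths=%lu\n", n, analyze(n, 0, n - 1, 0).paths);

    struct report full  = analyze(16, 0, 15, 0);
    struct report bound = analyze(16, 0, 15, 10000);
    printf("unbounded: states=%lu bug=%d\n", full.states, full.bug_found);
    printf("bounded:   states=%lu bug=%d budget_hit=%d\n",
           bound.states, bound.bug_found, bound.budget_hit);
    return 0;
}
```

In this model the bounded run stops after 10000 states, before it reaches any path that both sets p to NULL and later dereferences it, so the cost of the bound is a bug left unreported.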