index.html revision 8bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdc
1591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" 2591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek "http://www.w3.org/TR/html4/strict.dtd"> 3591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<html> 4591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<head> 5591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <title>Clang Static Analyzer</title> 6b9576d9623411946cad8b62f5b3c0f1502b75244Ted Kremenek <link type="text/css" rel="stylesheet" href="content.css" /> 7b9576d9623411946cad8b62f5b3c0f1502b75244Ted Kremenek <link type="text/css" rel="stylesheet" href="menu.css" /> 8b9576d9623411946cad8b62f5b3c0f1502b75244Ted Kremenek <link type="text/javascript" rel="javascript" href="menu.js"/> 9591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</head> 10591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<body> 11591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 128bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<div id="page"> 13591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<!--#include virtual="menu.html.incl"--> 14591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 15591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<div id="content"> 168bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek 175a9bd1169347783112b1fb472a2d8a177529ba73Ted Kremenek<h1>Clang Static Analyzer</h1> 188bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek 198bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<table style="margin-top:0px" width="100%" border="0" cellpadding="0px" cellspacing="0"> 208bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<tr><td> 21591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>The Clang Static Analyzer consists of both a source code analysis framework 228bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenekand a standalone tool that finds bugs in C and Objective-C programs.</p> 238bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek 248bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<p>The 25591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekstandalone tool is invoked from the command-line, and is intended to run in 26591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenektandem with a build of a project or code base.</p> 27591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 28591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>Both are 100% open source and are part of the <a 29591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekhref="http://clang.llvm.org">Clang</a> project.</p> 3051667ee4bf2c6df038bc8e1b7cc79a0d2d0d950fTed Kremenek 31591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<!-- Generated from: http://www.spiffycorners.com/index.php --> 32591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 33591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<style type="text/css"> 34591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy{display:block} 35591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy *{ 36591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek display:block; 37591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek height:1px; 38591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek overflow:hidden; 39591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek font-size:.01em; 40591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek background:#EBF0FA} 41591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy1{ 42591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-left:3px; 43591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-right:3px; 44591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek padding-left:1px; 45591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek padding-right:1px; 46591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-left:1px solid #f6f8fc; 47591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-right:1px solid #f6f8fc; 48591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek background:#f0f3fb} 49591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy2{ 50591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-left:1px; 51591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-right:1px; 52591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek padding-right:1px; 53591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek padding-left:1px; 54591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-left:1px solid #fdfdfe; 55591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-right:1px solid #fdfdfe; 56591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek background:#eef2fa} 57591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy3{ 58591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-left:1px; 59591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin-right:1px; 60591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-left:1px solid #eef2fa; 61591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-right:1px solid #eef2fa;} 62591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy4{ 63591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-left:1px solid #f6f8fc; 64591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-right:1px solid #f6f8fc} 65591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffy5{ 66591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-left:1px solid #f0f3fb; 67591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek border-right:1px solid #f0f3fb} 68591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffyfg{ 69591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek background:#EBF0FA} 70591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 71591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek.spiffyfg h2 { 72591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek margin:0px; padding:10px; 73591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek} 74591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</style> 75591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 76591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<style type="text/css"> 77591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek #left { float:left; } 78591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek #left h2 { margin:1px; padding-top:0px; } 79591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek #right { float:left; margin-left:20px; margin-right:20px; padding:0px ;} 80591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek #right h2 { padding:0px; margin:0px; } 81591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek #wrappedcontent { padding:15px;} 82591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</style> 83591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 848bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<div style="padding:0px; font-size: 90%"> 85591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy"> 86591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy1"><b></b></b> 87591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy2"><b></b></b> 88591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy3"></b> 89591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy4"></b> 90591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy5"></b></b> 91591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <div class="spiffyfg"> 92591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <div style="padding:15px"> 93591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <h2 style="padding:0px; margin:0px">Download</h2> 94591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <h3 style="margin-top:5px">Mac OS X</h3> 95591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <ul> 96591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <li>Latest build (Universal binary, 10.5+): 97591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <!--#include virtual="latest_checker.html.incl"--> 98591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek </li> 99591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <li><a href="/installation.html">Installation</a> and <a 100591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek href="/scan-build.html">usage</a></li> 101591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek </ul> 102591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <h3>Other Platforms</h3> 103591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <p>For other platforms, please follow the instructions for <a 104591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek href="/installation#OtherPlatforms">building the analyzer</a> from 105591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek source code.<p> 106591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek </div> 107591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek </div> 108591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy"> 109591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy5"></b> 110591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy4"></b> 111591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy3"></b> 112591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy2"><b></b></b> 113591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek <b class="spiffy1"><b></b></b></b> 114591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</div> 115591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 1168bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek</td><td style="padding-left:10px"> 1178bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<a href="images/analyzer_xcode.png"><img src="images/analyzer_xcode.png" width="450x"></a> 1188bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<center><b>Viewing static analyzer results in Xcode 3.2</b></center> 1198bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<a href="images/analyzer_html.png"><img src="images/analyzer_html.png" width="450px"></a> 1208bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek<center><b>Viewing static analyzer results in a web browser</b></center> 1218bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek</td></tr></table> 1228bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek 123591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h2 id="StaticAnalysis">What is Static Analysis?</h2> 124591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 125591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>The term "static analysis" is conflated, but here we use it to mean 126591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremeneka collection of algorithms and techniques used to analyze source code in order 127591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekto automatically find bugs. The idea is similar in spirit to compiler warnings 128591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek(which can be useful for finding coding errors) but to take that idea a step 129591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekfurther and find bugs that are traditionally found using run-time debugging 130591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenektechniques such as testing.</p> 131591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 132591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>Static analysis bug-finding tools have evolved over the last several decades 133591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekfrom basic syntactic checkers to those that find deep bugs by reasoning about 134591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekthe semantics of code. The goal of the Clang Static Analyzer is to provide a 135591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekindustrial-quality static analysis framework for analyzing C and Objective-C 136591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekprograms that is freely available, extensible, and has a high quality of 137591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekimplementation.</p> 138591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 139591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h3 id="Clang">Part of Clang and LLVM</h3> 140591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 141591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>As its name implies, the Clang Static Analyzer is built on top of <a 142591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekhref="http://clang.llvm.org">Clang</a> and <a href="http://llvm.org">LLVM</a>. 143591b907b3b29efa4047fc0aba042fdc81b45d5dcTed KremenekStrictly speaking, the analyzer is part of Clang, as Clang consists of a set of 144591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekreusable C++ libraries for building powerful source-level tools. The static 145591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekanalysis engine used by the Clang Static Analyzer is a Clang library, and has 146591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekthe capability to be reused in different contexts and by different clients.</p> 147591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 148591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h2>Important Points to Consider</h2> 149591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 150591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>While we believe that the static analyzer is already very useful for finding 151591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekbugs, we ask you to bear in mind a few points when using it.</p> 152591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 153591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h3>Work-in-Progress</h3> 154591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 155591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>The analyzer is a continuous work-in-progress. 156591b907b3b29efa4047fc0aba042fdc81b45d5dcTed KremenekThere are many planned enhancements to improve both the precision and scope of 157591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekits analysis algorithms as well as the kinds bugs it will find. While there are 158591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekfundamental limitations to what static analysis can do, we have a long way to go 159591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekbefore hitting that wall.</p> 160591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 161591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h3>Slower than Compilation</h3> 162591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 163591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>Operationally, using static analysis to 164591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekautomatically find deep program bugs is about trading CPU time for the hardening 165591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekof code. Because of the deep analysis performed by state-of-the-art static 166591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekanalysis tools, static analysis can be much slower than compilation.</p> 167591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 168591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>While the Clang Static Analyzer is being designed to be as fast and 169591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremeneklight-weight as possible, please do not expect it to be as fast as compiling a 170591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekprogram (even with optimizations enabled). Some of the algorithms needed to find 171591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekbugs require in the worst case exponential time.</p> 172591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 173591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>The Clang Static Analyzer runs in a reasonable amount of time by both 174591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekbounding the amount of checking work it will do as well as using clever 175591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekalgorithms to reduce the amount of work it must do to find bugs.</p></li> 176591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 177591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h3>False Positives</h3> 178591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 179591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>Static analysis is not perfect. It can falsely flag bugs in a program where 180591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekthe code behaves correctly. Because some code checks require more analysis 181591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekprecision than others, the frequency of false positives can vary widely between 182591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekdifferent checks. Our long-term goal is to have the analyzer have a low false 183591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekpositive rate for most code on all checks.</p> 184591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 185591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<p>Please help us in this endeavor by <a href="filing_bugs.html">reporting false 186591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekpositives</a>. False positives cannot be addressed unless we know about 187591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenekthem.</p> 188591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 189591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek<h3>More Checks</h3> 190591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 1910c3a16d5da555c6a78ece6cb6e8eab46aa0ed010Zhongxing Xu<p>Static analysis is not magic; a static analyzer can only find bugs that it 1920c3a16d5da555c6a78ece6cb6e8eab46aa0ed010Zhongxing Xuhas been specifically engineered to find. If there are specific kinds of bugs 1930c3a16d5da555c6a78ece6cb6e8eab46aa0ed010Zhongxing Xuyou would like the Clang Static Analyzer to find, please feel free to 1940c3a16d5da555c6a78ece6cb6e8eab46aa0ed010Zhongxing Xufile <a href="filing_bugs.html">feature requests</a> or contribute your own 1950c3a16d5da555c6a78ece6cb6e8eab46aa0ed010Zhongxing Xupatches.</p> 196591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 197591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</div> 1988bebc6e301ea2c15d876fadfbcf3f1ca7af0cfdcTed Kremenek</div> 199591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</body> 200591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek</html> 201591b907b3b29efa4047fc0aba042fdc81b45d5dcTed Kremenek 202
