Wednesday, November 11, 2009

clang static-analyzer == awesomeness

If you are looking for a good open source static analyzer for C/C++, you know that it is slim pickings out there. There are great tools for detecting memory issues, like valgrind and all of its included goodies. But most open source static code analyzers are out of date, are just too darn difficult to get working (*cough* *cough* splint), or don't scale well to large projects, like flawfinder and its "hey, you have a static buffer at line x, you better make sure you do proper bounds checking" warnings.

So in my search for a static code analyzer I stumbled across the clang static-analyzer, and I must say that it is pretty darn amazing. While it doesn't detect buffer overflows at the time of writing, it informs the user of a ton of other issues that, when resolved, can lead to cleaner, more efficient code. I'm just going to summarize the steps that I went through to get it up and running. Most of these steps are on the clang static-analyzer site or came from this blog post.

1. Check out llvm using subversion

svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm

2. Check out clang using subversion

cd llvm/tools
svn co http://llvm.org/svn/llvm-project/cfe/trunk clang

3. Build llvm and clang

cd ..
./configure --prefix=/opt/clang
make
sudo make install

4. The clang static-analyzer isn't installed by make install, so let's copy it to the location where we installed everything else.

sudo cp -Rf tools/clang/tools/scan-build /opt/clang/
sudo cp -Rf tools/clang/tools/scan-view /opt/clang/

5. Add the different clang dirs to your $PATH. Usually this can be done by adding a line similar to the following in /etc/profile.

PATH=$PATH:/opt/clang/bin:/opt/clang/libexec:/opt/clang/scan-build:/opt/clang/scan-view

6. Go into the directory where your source code resides. If you have code that follows the normal ./configure, make, make install type of build, you will want to do the following.

scan-build ./configure
scan-build -o /var/www/html/testresults make

7. Once it is completed you should see a message like "x diagnostics generated." Fire up your browser and go to the /testresults/ dir on the web server where you dumped your results. The interface is amazing: once you click on a bug it will actually walk you through the code and do things for you like expand macros.
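
To triage the results directory from step 6 without a browser, here is an added example (not from the original post or the clang project). It assumes each report-*.html that scan-build writes carries "<!-- BUGTYPE ... -->", "<!-- BUGFILE ... -->" and "<!-- BUGLINE ... -->" comment lines; the function names and the sample reports are constructed for illustration.

```shell
#!/bin/sh
# Added example: list and count scan-build reports from the shell.
# Assumption: each report-*.html contains comment lines of the form
# "<!-- BUGTYPE Dead store -->", "<!-- BUGFILE a.c -->", "<!-- BUGLINE 42 -->".

# field REPORT KEY: value of the first "<!-- KEY value -->" line in REPORT
field() {
    sed -n "s/^<!-- $2 \(.*\) -->.*\$/\1/p" "$1" | head -n 1
}
# list_reports DIR: one "file:line: bug type" line per report, sorted by file
list_reports() {
    find "$1" -type f -name 'report-*.html' | while IFS= read -r r; do
        printf '%s:%s: %s\n' "$(field "$r" BUGFILE)" \
            "$(field "$r" BUGLINE)" "$(field "$r" BUGTYPE)"
    done | sort
}
# summary DIR: number of reports per bug type, most frequent first
summary() {
    find "$1" -type f -name 'report-*.html' | while IFS= read -r r; do
        field "$r" BUGTYPE
    done | sort | uniq -c | sort -rn | sed 's/^ *//'
}
# total DIR: number of reports under DIR
total() {
    find "$1" -type f -name 'report-*.html' | wc -l | tr -d ' '
}
# gate DIR MAX: succeed only if DIR holds at most MAX reports (for build scripts)
gate() {
    [ "$(total "$1")" -le "$2" ]
}
# sample_report DIR N TYPE FILE LINE: write one constructed report
sample_report() {
    printf '<html>\n<!-- BUGTYPE %s -->\n<!-- BUGFILE %s -->\n<!-- BUGLINE %s -->\n' \
        "$3" "$4" "$5" > "$1/report-$2.html"
}
# make_sample DIR: three constructed reports (not real analyzer output)
make_sample() {
    mkdir -p "$1/run-1"
    sample_report "$1/run-1" 1 'Dead store' src/parse.c 88
    sample_report "$1/run-1" 2 'Dead store' src/main.c 12
    sample_report "$1/run-1" 3 'Dereference of null pointer' src/net.c 140
}
# With a directory argument, report on it; with none, use the constructed sample.
dir=${1:-}
if [ -z "$dir" ]; then
    dir=$(mktemp -d)
    make_sample "$dir"
fi
list_reports "$dir"
summary "$dir"
```

Pointing it at /var/www/html/testresults covers every run stored there, since the search is recursive; pass a single run's subdirectory to look at one build only.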

Enjoy ;-)
