I'm currently trying to integrate the Clang Static Analyzer v9.0.1 into my CMake v3.16.5 build system using the Microsoft Visual C++ Compiler (MSVC) v19.25.28610.4 on a Windows v10.0.18363.720 operating system.
Everything is build for the architecture x86_64. LLVM and Clang have been build from source.
After some reading on the World Wide Web (WWW), there seems to be multiple ways to use the Clang Static Analyzer. Sadly the documentation is horrible and there seems to be some special quirks on a Windows operating system (mostly related to clang-cl), therefore it is not straight-forward to integrate. IMO, it shouldn't take a professional programmer longer than one hour to integrate this into the C++ defacto standard build system.
There seems to be at least five possibilities to invoke the Clang Static Analyzer:
scan-build script.
- Requires a Perl runtime environment.
- Is able to analyze multiple files with one invocation.
- Is able to generate HTML (more advance than the other possibilities), plist or sarif output file(s).
- My issue: Does not detect any bugs, always printing
scan-build: No bugs found. to STDOUT.
clang-check executable.
- Requires a JSON compilation database file
compile_commands.json.
- Is able to analyze multiple files with one invocation.
- Should be able to generate HTML report file(s). by the means of the
--extra-arg argument.
- My issue: Unable to make it work (refer to the second script below).
clang/ clang++ executables.
- Is able to analyze one file with one invocation.
- My issue: Basically works, but looks like the worst possibility to me (due to missing build information).
c++-analyzer.bat / ccc-analyzer.bat batch scripts.
- Does seem to support Clang and GCC only.
- My issue: I'm unable to find any documentation for these scripts.
clang-tidy executable with clang-analyzer-* checks only.
- Can use a JSON compilation database file
compile_commands.json.
- Is able to analyze multiple files with one invocation.
- My issue: Is not able to generate HTML report file(s), but YAML only.
Here are three batch scripts, one for each of the first three approaches:
scan-build-example.cmd
@echo off
setlocal
cls
rem Configure
call scan-build.bat^
-v^
-v^
-v^
-analyze-headers^
--force-analyze-debug-code^
-o _scan_build_out^
--keep-cc^
--html-title="Scan Build Example"^
--show-description^
--use-cc="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
--use-c++="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
-stats^
-maxloop 4^
-internal-stats^
--use-analyzer="E:dev
ativellvmllvm-9.0.1Releasestaticx64-windows-msvc1924-v142inclang.exe"^
-analyzer-config stable-report-filename=true^
-enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
cmake^
-S "D:cmakecmake-example-clang-static-analyzer"^
-B "D:cmakecmake-example-clang-static-analyzer\_scan-build"^
-G "Ninja"^
-DCMAKE_C_COMPILER:PATH="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
-DCMAKE_CXX_COMPILER:PATH="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
-DCMAKE_BUILD_TYPE:STRING=Debug
rem Build
call scan-build.bat^
-v^
-v^
-v^
-analyze-headers^
--force-analyze-debug-code^
-o _scan_build_out^
--keep-cc^
--html-title="Scan Build Example"^
--show-description^
--use-cc="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
--use-c++="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
-stats^
-maxloop 4^
-internal-stats^
--use-analyzer="E:dev
ativellvmllvm-9.0.1Releasestaticx64-windows-msvc1924-v142inclang.exe"^
-analyzer-config stable-report-filename=true^
-enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
cmake^
--build "D:cmakecmake-example-clang-static-analyzer\_scan-build"^
--config Debug
clang-check-example.cmd
@echo off
setlocal
cls
set out_dir=%~dp0.\_clang_check_out
mkdir "%out_dir%" > nul 2>&1
rem Issue: "warning: could not create file in 'main.plist': no such file or directory"
clang-check^
-analyze^
-extra-arg=-Xclang^
-extra-arg=-analyzer-config^
-extra-arg=-Xclang^
-extra-arg=add-pop-up-notes=true,mode=deep^
-extra-arg=-Xclang^
-extra-arg=-analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
-extra-arg=-Xclang^
-extra-arg=-analyzer-output=html^
-extra-arg=-o=%out_dir%^
-p "D:cmakecmake-example-clang-static-analyzer\_build"^
"D:cmakecmake-example-clang-static-analyzerappmain.cpp"
clang_analyze-example.cmd
@echo off
setlocal
cls
set out_dir=%~dp0.\_clang_analyzer_out
mkdir "%out_dir%"
clang++^
--analyze^
-Xanalyzer^
-analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
-Xanalyzer^
-analyzer-output=html^
-o "%out_dir%"^
-I"D:cmakecmake-example-clang-static-analyzersrc"^
"D:cmakecmake-example-clang-static-analyzerappmain.cpp
My questions are:
- How-to make
scan-build.bat work on Windows (I tried both using MSVC and Clang)?
- How-to pass the options to
clang-check.exe to make it create HTML output files and get rid of the warning: could not create file in 'main.plist': no such file or directory warning?
- Can be using
clang.exe/ clang++.exe a suitable alternative (imo, its missing the build information that should be available with the other two non-working alternatives)?
In general: What's the easiest way to generate a HTML report with the Clang Static Analyzer using MSVC on Windows?
Related questions:
Changelog:
- 2020-03-20T12:06Z
- Update
clang-check-example.cmd script.
- 2020-03-20T08:50Z
- Add mention of
clang-tidy.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
