Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
365 views
in Technique[技术] by (71.8m points)

c++ - How-to use Clang Static Analyzer on Windows?

I'm currently trying to integrate the Clang Static Analyzer v9.0.1 into my CMake v3.16.5 build system using the Microsoft Visual C++ Compiler (MSVC) v19.25.28610.4 on a Windows v10.0.18363.720 operating system.

Everything is build for the architecture x86_64. LLVM and Clang have been build from source.

After some reading on the World Wide Web (WWW), there seems to be multiple ways to use the Clang Static Analyzer. Sadly the documentation is horrible and there seems to be some special quirks on a Windows operating system (mostly related to clang-cl), therefore it is not straight-forward to integrate. IMO, it shouldn't take a professional programmer longer than one hour to integrate this into the C++ defacto standard build system.

There seems to be at least five possibilities to invoke the Clang Static Analyzer:

  1. scan-build script.
    • Requires a Perl runtime environment.
    • Is able to analyze multiple files with one invocation.
    • Is able to generate HTML (more advance than the other possibilities), plist or sarif output file(s).
    • My issue: Does not detect any bugs, always printing scan-build: No bugs found. to STDOUT.
  2. clang-check executable.
    • Requires a JSON compilation database file compile_commands.json.
    • Is able to analyze multiple files with one invocation.
    • Should be able to generate HTML report file(s). by the means of the --extra-arg argument.
    • My issue: Unable to make it work (refer to the second script below).
  3. clang/ clang++ executables.
    • Is able to analyze one file with one invocation.
    • My issue: Basically works, but looks like the worst possibility to me (due to missing build information).
  4. c++-analyzer.bat / ccc-analyzer.bat batch scripts.
    • Does seem to support Clang and GCC only.
    • My issue: I'm unable to find any documentation for these scripts.
  5. clang-tidy executable with clang-analyzer-* checks only.
    • Can use a JSON compilation database file compile_commands.json.
    • Is able to analyze multiple files with one invocation.
    • My issue: Is not able to generate HTML report file(s), but YAML only.

Here are three batch scripts, one for each of the first three approaches:

  1. scan-build-example.cmd

    @echo off
    setlocal
    cls
    
    rem Configure
    call scan-build.bat^
     -v^
     -v^
     -v^
     -analyze-headers^
     --force-analyze-debug-code^
     -o _scan_build_out^
     --keep-cc^
     --html-title="Scan Build Example"^
     --show-description^
     --use-cc="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     --use-c++="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     -stats^
     -maxloop 4^
     -internal-stats^
     --use-analyzer="E:dev
    ativellvmllvm-9.0.1Releasestaticx64-windows-msvc1924-v142inclang.exe"^
     -analyzer-config stable-report-filename=true^
     -enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
     cmake^
     -S "D:cmakecmake-example-clang-static-analyzer"^
     -B "D:cmakecmake-example-clang-static-analyzer\_scan-build"^
     -G "Ninja"^
     -DCMAKE_C_COMPILER:PATH="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     -DCMAKE_CXX_COMPILER:PATH="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     -DCMAKE_BUILD_TYPE:STRING=Debug
    
    rem Build
    call scan-build.bat^
     -v^
     -v^
     -v^
     -analyze-headers^
     --force-analyze-debug-code^
     -o _scan_build_out^
     --keep-cc^
     --html-title="Scan Build Example"^
     --show-description^
     --use-cc="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     --use-c++="C:Program Files (x86)Microsoft Visual Studio2019CommunityVCToolsMSVC14.25.28610inHostx64x64cl.exe"^
     -stats^
     -maxloop 4^
     -internal-stats^
     --use-analyzer="E:dev
    ativellvmllvm-9.0.1Releasestaticx64-windows-msvc1924-v142inclang.exe"^
     -analyzer-config stable-report-filename=true^
     -enable-checker core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
     cmake^
     --build "D:cmakecmake-example-clang-static-analyzer\_scan-build"^
     --config Debug
    
  2. clang-check-example.cmd

    @echo off
    setlocal
    cls
    
    set out_dir=%~dp0.\_clang_check_out
    
    mkdir "%out_dir%" > nul 2>&1
    
    rem Issue: "warning: could not create file in 'main.plist': no such file or directory"
    clang-check^
     -analyze^
     -extra-arg=-Xclang^
     -extra-arg=-analyzer-config^
     -extra-arg=-Xclang^
     -extra-arg=add-pop-up-notes=true,mode=deep^
     -extra-arg=-Xclang^
     -extra-arg=-analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
     -extra-arg=-Xclang^
     -extra-arg=-analyzer-output=html^
     -extra-arg=-o=%out_dir%^
     -p "D:cmakecmake-example-clang-static-analyzer\_build"^
     "D:cmakecmake-example-clang-static-analyzerappmain.cpp"
    
  3. clang_analyze-example.cmd

    @echo off
    setlocal
    cls
    
    set out_dir=%~dp0.\_clang_analyzer_out
    
    mkdir "%out_dir%"
    clang++^
     --analyze^
     -Xanalyzer^
     -analyzer-checker=core,cplusplus,deadcode,nullability,optin,osx,security,unix,valist^
     -Xanalyzer^
     -analyzer-output=html^
     -o "%out_dir%"^
     -I"D:cmakecmake-example-clang-static-analyzersrc"^
     "D:cmakecmake-example-clang-static-analyzerappmain.cpp
    

My questions are:

  1. How-to make scan-build.bat work on Windows (I tried both using MSVC and Clang)?
  2. How-to pass the options to clang-check.exe to make it create HTML output files and get rid of the warning: could not create file in 'main.plist': no such file or directory warning?
  3. Can be using clang.exe/ clang++.exe a suitable alternative (imo, its missing the build information that should be available with the other two non-working alternatives)?

In general: What's the easiest way to generate a HTML report with the Clang Static Analyzer using MSVC on Windows?

Related questions:

Changelog:

  • 2020-03-20T12:06Z
    • Update clang-check-example.cmd script.
  • 2020-03-20T08:50Z
    • Add mention of clang-tidy.
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...