Questions tagged [clang-static-analyzer]

Use this tag for the Clang Static Analyzer, an open-source source code analysis tool that finds bugs in C and Objective-C programs. Also use this tag for the Xcode Static Analyzer.

The Clang Static Analyzer is an open-source (supported by Apple) source code analysis tool that finds bugs in C and Objective-C programs.

It can be run either as a standalone tool or within Xcode. The standalone tool is invoked from the command line, and is intended to be run in tandem with a build of a codebase.

The analyzer is 100% open source and is part of the Clang project. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.

296 questions
4 votes, 0 answers

Possible false positive for clang-analyzer (garbage or undefined)

The code below gives a "Result of operation is garbage or undefined" in clang analyzer, but only when the initialization is done with curly braces. This happens with std=c++17, but not with versions lower than 17. Looking at compiler explorer, the…
amfcosta
4 votes, 1 answer

Clang: How to get the macro name used for size of a constant size array declaration

TL;DR; How to get the macro name used for size of a constant size array declaration, from a callExpr -> arg_0 -> DeclRefExpr. Detailed Problem statement: Recently I started working on a challenge which requires source to source transformation tool…
4 votes, 2 answers

Why are static analysis tools missing this seemingly obvious case?

I have a very simple C program with a potential buffer overflow using strcpy: #include #include void buffer_overflow(char* dst, const char* src) { strcpy(dst, src); } int main(int argc, char** argv) { if(argc…
Chad
4 votes, 1 answer

Xcode 4 "Fix it" - when does it appear?

I would like to know when the "Fix-it" should appear. Is it possible to make it appear on all errors (and suggest a change)? Clearly an error in my code, which "Fix-it" analyzed and detected. But can it help me even more?
Konrad77
4 votes, 1 answer

How to enable clang static analyzer's "alpha.security.taint check" checker

I am trying to execute clang static analyzer (version 3.8) on some of the examples shown in its documentation (https://clang-analyzer.llvm.org/alpha_checks.html#security_alpha_checkers). I created a small C program, as follows: // note: requires…
Gunjan Aggarwal
4 votes, 0 answers

can clang static analyzer create .plist files in custom directory?

By default Clang-static-analyzer creates .plist files in current directory (from where the static analyzer is run). Is there any way to make it generate .plist files in a custom directory?
4 votes, 1 answer

Clang Static Analyzer check if a function was called twice

I have a new custom checker (TransactionChecker.cpp). Here is the TransactionState: struct TransactionState { private: enum Kind { OpenedT, StartedT, FinalizedT, ClosedT } K; TransactionState(Kind InK) : K(InK) {} public: bool isOpened()…
cehptr
4 votes, 3 answers

Prevent Xcode/clang from raising logic error on intentionally flawed code

For testing purposes only, I'm including a function to intentionally crash my app (testing my app's handling of unintentional crashes). To do so, I'm using: strcpy(0, "crash"); Of course, when doing analysis of my code, Xcode reports the logic…
Jon
4 votes, 3 answers

Using Clang Static Analyzer in Eclipse CDT

Although it is theoretically possible to integrate an external static analyzer into Eclipse as demonstrated here (i.e. for Cppcheck), I was wondering whether a more up to date solution exists which does not require plug-in development? For example…
4 votes, 2 answers

Clang static analyzer can't find stdio.h

I'm trying to use Clang static analyzer on a very simple program: #include main () { printf("Hello, world !"); } When I do clang helloworld.c it compiles the program successfully. When I do clang -cc1 -analyze…
evocatus
4 votes, 1 answer

Why do Roslyn analyzers need to be portable assemblies?

We have Roslyn Analyzers written for VS2013, though it's not officially supported by MSFT now. We decided to upgrade those to VS2015. The APIs are drastically different but we managed to do it. The VS2013 analyzer dlls were normal .Net class…
4 votes, 1 answer

What's a garbage value for clang-check

I have got the following warning: test.cpp:14:25: warning: The right operand of '/' is a garbage value return (std::abs(a) / size) > 10; ^ ~~~~ for this piece of code: #include #include #include…
Brahim
4 votes, 2 answers

XCode/Static Analyzer: Suppressing a retain count/leak warning

I have a function that is creating a variable, but not deallocating it. It passes this object on with a message to another function that deals with the memory management. My question is how do I suppress the static analyzer warning for what XCode…
Shaun Budhram
4 votes, 1 answer

Can Clang Static Analyzer be used with Swift?

When I analyse a Swift project on Xcode 6, the build succeeds with no issues. So I wonder if the Clang Static Analyser works with Swift!
Dominique Vial
4 votes, 2 answers

Why is accessing a null-terminated string giving 'garbage or undefined'?

I have a simple brainfuck interpreter in C that produces the following warning in scan-build: $ scan-build gcc -Wall -g -std=c99 main.c scan-build: Using '/usr/bin/clang' for static analysis main.c:14:11: warning: Assigned value is garbage or…
Wilfred Hughes