diff options
Diffstat (limited to 'clang/www/analyzer')
| -rw-r--r-- | clang/www/analyzer/alpha_checks.html | 4 | ||||
| -rw-r--r-- | clang/www/analyzer/annotations.html | 42 | ||||
| -rw-r--r-- | clang/www/analyzer/available_checks.html | 4 | ||||
| -rw-r--r-- | clang/www/analyzer/checker_dev_manual.html | 286 | ||||
| -rw-r--r-- | clang/www/analyzer/faq.html | 27 | ||||
| -rw-r--r-- | clang/www/analyzer/filing_bugs.html | 9 | ||||
| -rw-r--r-- | clang/www/analyzer/implicit_checks.html | 18 | ||||
| -rw-r--r-- | clang/www/analyzer/index.html | 15 | ||||
| -rw-r--r-- | clang/www/analyzer/installation.html | 9 | ||||
| -rw-r--r-- | clang/www/analyzer/open_projects.html | 23 | ||||
| -rw-r--r-- | clang/www/analyzer/potential_checkers.html | 80 | ||||
| -rw-r--r-- | clang/www/analyzer/release_notes.html | 17 | ||||
| -rw-r--r-- | clang/www/analyzer/scan-build.html | 29 | ||||
| -rw-r--r-- | clang/www/analyzer/xcode.html | 3 |
14 files changed, 279 insertions, 287 deletions
diff --git a/clang/www/analyzer/alpha_checks.html b/clang/www/analyzer/alpha_checks.html index 91ced375710..3d4075e5aaf 100644 --- a/clang/www/analyzer/alpha_checks.html +++ b/clang/www/analyzer/alpha_checks.html @@ -930,9 +930,9 @@ alpha.unix.SimpleStream</span><span class="lang"> Check for misuses of stream APIs:<div class=functions> fopen<br> fclose</div>(demo checker, the subject of the demo -(<a href="http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a> +(<a href="https://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a> ,<a href="https://youtu.be/kdxlsP5QVPw">Video</a>) -by Anna Zaks and Jordan Rose presented at the <a href="http://llvm.org/devmtg/2012-11/"> +by Anna Zaks and Jordan Rose presented at the <a href="https://llvm.org/devmtg/2012-11/"> 2012 LLVM Developers' Meeting).</a></div></div></a></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> diff --git a/clang/www/analyzer/annotations.html b/clang/www/analyzer/annotations.html index bfb59609478..bf0076e5142 100644 --- a/clang/www/analyzer/annotations.html +++ b/clang/www/analyzer/annotations.html @@ -17,18 +17,18 @@ <h1>Source Annotations</h1> <p>The Clang frontend supports several source-level annotations in the form of -<a href="http://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html">GCC-style +<a href="https://gcc.gnu.org/onlinedocs/gcc/Attribute-Syntax.html">GCC-style attributes</a> and pragmas that can help make using the Clang Static Analyzer more useful. These annotations can both help suppress false positives as well as enhance the analyzer's ability to find bugs.</p> <p>This page gives a practical overview of such annotations. For more technical specifics regarding Clang-specific annotations please see the Clang's list of <a -href="http://clang.llvm.org/docs/LanguageExtensions.html">language +href="https://clang.llvm.org/docs/LanguageExtensions.html">language extensions</a>. Details of "standard" GCC attributes (that Clang also -supports) can be found in the <a href="http://gcc.gnu.org/onlinedocs/gcc/">GCC +supports) can be found in the <a href="https://gcc.gnu.org/onlinedocs/gcc/">GCC manual</a>, with the majority of the relevant attributes being in the section on -<a href="http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html">function +<a href="https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html">function attributes</a>.</p> <p>Note that attributes that are labeled <b>Clang-specific</b> are not @@ -68,7 +68,7 @@ recognized by GCC. Their use can be conditioned using preprocessor macros <li><a href="#attr_os_consumes_this">Attribute 'os_consumes_this'</a></li> <li><a href="#os_out_parameters">Out Parameters</a></li> </ul> - + </li> </ul> </li> @@ -91,7 +91,7 @@ recognized by GCC. Their use can be conditioned using preprocessor macros <p>The analyzer recognizes the GCC attribute 'nonnull', which indicates that a function expects that a given function parameter is not a null pointer. Specific details of the syntax of using the 'nonnull' attribute can be found in <a -href="http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html#index-g_t_0040code_007bnonnull_007d-function-attribute-2263">GCC's +href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute">GCC's documentation</a>.</p> <p>Both the Clang compiler and GCC will flag warnings for simple cases where a @@ -108,7 +108,7 @@ parameter.</p> int bar(int*p, int q, int *r) __attribute__((nonnull(1,3))); int foo(int *p, int *q) { - return !p ? bar(q, 2, p) + return !p ? bar(q, 2, p) : bar(p, 2, q); } </pre> @@ -138,8 +138,8 @@ conventions can cause the analyzer to miss bugs or flag false positives.</p> <p>One can educate the analyzer (and others who read your code) about methods or functions that deviate from the Cocoa and Core Foundation conventions using the attributes described here. However, you should consider using proper naming -conventions or the <a -href="http://clang.llvm.org/docs/LanguageExtensions.html#the-objc-method-family-attribute"><tt>objc_method_family</tt></a> +conventions or the <a +href="https://clang.llvm.org/docs/LanguageExtensions.html#the-objc-method-family-attribute"><tt>objc_method_family</tt></a> attribute, if applicable.</p> <h4 id="attr_ns_returns_retained">Attribute 'ns_returns_retained' @@ -236,7 +236,7 @@ its availability, as it is not available in earlier versions of the analyzer:</p <p>The GCC-style (Clang-specific) attribute 'cf_returns_retained' allows one to annotate an Objective-C method or C function as returning a retained Core -Foundation object that the caller is responsible for releasing. The +Foundation object that the caller is responsible for releasing. The CoreFoundation framework defines a macro <b><tt>CF_RETURNS_RETAINED</tt></b> that is functionally equivalent to the one shown below.</p> @@ -323,7 +323,7 @@ href="#attr_cf_returns_retained">cf_returns_retained</a>'. Where a function or method may appear to obey the Core Foundation or Cocoa conventions and return a retained Core Foundation object, this attribute can be used to indicate that the object reference returned should not be considered as an -"owning" reference being returned to the caller. The +"owning" reference being returned to the caller. The CoreFoundation framework defines a macro <b><tt>CF_RETURNS_NOT_RETAINED</tt></b> that is functionally equivalent to the one shown below.</p> @@ -353,8 +353,8 @@ its availability, as it is not available in earlier versions of the analyzer:</p <p>The 'ns_consumed' attribute can be placed on a specific parameter in either the declaration of a function or an Objective-C method. It indicates to the static analyzer that a <tt>release</tt> message is implicitly sent to the -parameter upon completion of the call to the given function or method. The -Foundation framework defines a macro <b><tt>NS_RELEASES_ARGUMENT</tt></b> that +parameter upon completion of the call to the given function or method. The +Foundation framework defines a macro <b><tt>NS_RELEASES_ARGUMENT</tt></b> that is functionally equivalent to the <tt>NS_CONSUMED</tt> macro shown below.</p> <p><b>Example</b></p> @@ -408,7 +408,7 @@ implicitly passed to a call to <tt>CFRelease</tt> upon completion of the call to the given function or method. The CoreFoundation framework defines a macro <b><tt>CF_RELEASES_ARGUMENT</tt></b> that is functionally equivalent to the <tt>CF_CONSUMED</tt> macro shown below.</p> - + <p>Operationally this attribute is nearly identical to 'ns_consumed'.</p> <p><b>Example</b></p> @@ -438,7 +438,7 @@ void test() { void test2() { CFDateRef date = CFDateCreate(0, CFAbsoluteTimeGetCurrent()); consume_CFDate(date); <b><i>// No leak, including under GC!</i></b> - + } @interface Foo : NSObject @@ -463,7 +463,7 @@ is sent. This matches the semantics of all "init" methods.</p> follow the standard Cocoa naming conventions.</p> <p><b>Example</b></p> - + <pre class="code_example"> #ifndef __has_feature #define __has_feature(x) 0 // Compatibility with non-clang compilers. @@ -573,8 +573,8 @@ class MyClass { OSObject *f; LIBKERN_RETURNS_NOT_RETAINED OSObject *myFieldGetter(); } - - + + // Note that the annotation only has to be applied to the function declaration. OSObject * MyClass::myFieldGetter() { return f; @@ -633,7 +633,7 @@ identified using <tt>LIBKERN_RETURNS_RETAINED</tt>:</p> void getterViaOutParam(LIBKERN_RETURNS_NOT_RETAINED OSObject **obj) </pre> <p> -In such cases a retained object is written into an out parameter, which the caller has then to release in order to avoid a leak. +In such cases a retained object is written into an out parameter, which the caller has then to release in order to avoid a leak. </p> <p>These two cases are simple - but in practice a functions returning an out-parameter usually also return a return code, and then an out parameter may or may not be written, which conditionally depends on the exit code, e.g.:</p> @@ -718,7 +718,7 @@ some action that depends on that condition (e.g., dereferencing a pointer).</p> <p>The analyzer knows about several well-known assertion handlers, but can automatically infer if a function should be treated as an assertion handler if it is annotated with the 'noreturn' attribute or the (Clang-specific) -'analyzer_noreturn' attribute. Note that, currently, clang does not support +'analyzer_noreturn' attribute. Note that, currently, clang does not support these attributes on Objective-C methods and C++ methods.</p> <h4 id="attr_noreturn">Attribute 'noreturn'</h4> @@ -729,7 +729,7 @@ with a 'noreturn' attribute should never return.</p> <p>Specific details of the syntax of using the 'noreturn' attribute can be found in <a -href="http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html#index-g_t_0040code_007bnoreturn_007d-function-attribute-2264">GCC's +href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-noreturn-function-attribute">GCC's documentation</a>.</p> <p>Not only does the analyzer exploit this information when pruning false paths, diff --git a/clang/www/analyzer/available_checks.html b/clang/www/analyzer/available_checks.html index c610e2bda73..2775743fb84 100644 --- a/clang/www/analyzer/available_checks.html +++ b/clang/www/analyzer/available_checks.html @@ -29,8 +29,8 @@ Experimental (Alpha) Checkers</a>. <ul> <li><a href="http://www.mobileorchard.com/bug-finding-with-clang-5-resources-to-get-you-started/">Bug Finding With Clang: 5 Resources To Get You Started</a></li> <li><a href="http://fruitstandsoftware.com/blog/index.php/2008/08/finding-memory-leaks-with-the-llvmclang-static-analyzer/#comment-2">Finding Memory Leaks With The LLVM/Clang Static Analyzer</a></li> -<li><a href="http://www.rogueamoeba.com/utm/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> -<li><a href="http://www.mikeash.com/?page=pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> +<li><a href="https://weblog.rogueamoeba.com/2008/07/14/the-clang-static-analyzer/">Under the Microscope - The Clang Static Analyzer</a></li> +<li><a href="https://www.mikeash.com/pyblog/friday-qa-2009-03-06-using-the-clang-static-analyzer.html">Mike Ash - Using the Clang Static Analyzer</a></li> </ul> <h2 id="default_checkers">Default Checkers</h2> diff --git a/clang/www/analyzer/checker_dev_manual.html b/clang/www/analyzer/checker_dev_manual.html index f5439be35b1..fd72e4fe3da 100644 --- a/clang/www/analyzer/checker_dev_manual.html +++ b/clang/www/analyzer/checker_dev_manual.html @@ -18,17 +18,17 @@ <h1>Checker Developer Manual</h1> -<p>The static analyzer engine performs path-sensitive exploration of the program and -relies on a set of checkers to implement the logic for detecting and -constructing specific bug reports. Anyone who is interested in implementing their own -checker, should check out the Building a Checker in 24 Hours talk -(<a href="http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">slides</a> +<p>The static analyzer engine performs path-sensitive exploration of the program and +relies on a set of checkers to implement the logic for detecting and +constructing specific bug reports. Anyone who is interested in implementing their own +checker, should check out the Building a Checker in 24 Hours talk +(<a href="https://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">slides</a> <a href="https://youtu.be/kdxlsP5QVPw">video</a>) -and refer to this page for additional information on writing a checker. The static analyzer is a -part of the Clang project, so consult <a href="http://clang.llvm.org/hacking.html">Hacking on Clang</a> -and <a href="http://llvm.org/docs/ProgrammersManual.html">LLVM Programmer's Manual</a> -for developer guidelines and send your questions and proposals to -<a href=http://lists.llvm.org/mailman/listinfo/cfe-dev>cfe-dev mailing list</a>. +and refer to this page for additional information on writing a checker. The static analyzer is a +part of the Clang project, so consult <a href="https://clang.llvm.org/hacking.html">Hacking on Clang</a> +and <a href="https://llvm.org/docs/ProgrammersManual.html">LLVM Programmer's Manual</a> +for developer guidelines and send your questions and proposals to +<a href=https://lists.llvm.org/mailman/listinfo/cfe-dev>cfe-dev mailing list</a>. </p> <ul> @@ -58,8 +58,8 @@ for developer guidelines and send your questions and proposals to <h2 id=start>Getting Started</h2> <ul> - <li>To check out the source code and build the project, follow steps 1-4 of - the <a href="http://clang.llvm.org/get_started.html">Clang Getting Started</a> + <li>To check out the source code and build the project, follow steps 1-4 of + the <a href="https://clang.llvm.org/get_started.html">Clang Getting Started</a> page.</li> <li>The analyzer source code is located under the Clang source tree: @@ -69,12 +69,12 @@ for developer guidelines and send your questions and proposals to <br>See: <tt>include/clang/StaticAnalyzer</tt>, <tt>lib/StaticAnalyzer</tt>, <tt>test/Analysis</tt>.</li> - <li>The analyzer regression tests can be executed from the Clang's build + <li>The analyzer regression tests can be executed from the Clang's build directory: <br><tt> $ <b>cd ../../../; cd build/tools/clang; TESTDIRS=Analysis make test</b> </tt></li> - + <li>Analyze a file with the specified checker: <br><tt> $ <b>clang -cc1 -analyze -analyzer-checker=core.DivideZero test.c</b> @@ -85,99 +85,99 @@ for developer guidelines and send your questions and proposals to $ <b>clang -cc1 -analyzer-checker-help</b> </tt></li> - <li>See the analyzer help for different output formats, fine tuning, and + <li>See the analyzer help for different output formats, fine tuning, and debug options: <br><tt> $ <b>clang -cc1 -help | grep "analyzer"</b> </tt></li> </ul> - + <h2 id=analyzer>Static Analyzer Overview</h2> - The analyzer core performs symbolic execution of the given program. All the - input values are represented with symbolic values; further, the engine deduces - the values of all the expressions in the program based on the input symbols - and the path. The execution is path sensitive and every possible path through - the program is explored. The explored execution traces are represented with - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1ExplodedGraph.html">ExplodedGraph</a> object. - Each node of the graph is - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1ExplodedNode.html">ExplodedNode</a>, + The analyzer core performs symbolic execution of the given program. All the + input values are represented with symbolic values; further, the engine deduces + the values of all the expressions in the program based on the input symbols + and the path. The execution is path sensitive and every possible path through + the program is explored. The explored execution traces are represented with + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1ExplodedGraph.html">ExplodedGraph</a> object. + Each node of the graph is + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1ExplodedNode.html">ExplodedNode</a>, which consists of a <tt>ProgramPoint</tt> and a <tt>ProgramState</tt>. <p> - <a href="http://clang.llvm.org/doxygen/classclang_1_1ProgramPoint.html">ProgramPoint</a> - represents the corresponding location in the program (or the CFG). - <tt>ProgramPoint</tt> is also used to record additional information on - when/how the state was added. For example, <tt>PostPurgeDeadSymbolsKind</tt> - kind means that the state is the result of purging dead symbols - the - analyzer's equivalent of garbage collection. + <a href="https://clang.llvm.org/doxygen/classclang_1_1ProgramPoint.html">ProgramPoint</a> + represents the corresponding location in the program (or the CFG). + <tt>ProgramPoint</tt> is also used to record additional information on + when/how the state was added. For example, <tt>PostPurgeDeadSymbolsKind</tt> + kind means that the state is the result of purging dead symbols - the + analyzer's equivalent of garbage collection. <p> - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1ProgramState.html">ProgramState</a> + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1ProgramState.html">ProgramState</a> represents abstract state of the program. It consists of: <ul> - <li><tt>Environment</tt> - a mapping from source code expressions to symbolic + <li><tt>Environment</tt> - a mapping from source code expressions to symbolic values <li><tt>Store</tt> - a mapping from memory locations to symbolic values <li><tt>GenericDataMap</tt> - constraints on symbolic values </ul> - + <h3 id=interaction>Interaction with Checkers</h3> <p> - Checkers are not merely passive receivers of the analyzer core changes - they + Checkers are not merely passive receivers of the analyzer core changes - they actively participate in the <tt>ProgramState</tt> construction through the - <tt>GenericDataMap</tt> which can be used to store the checker-defined part - of the state. Each time the analyzer engine explores a new statement, it - notifies each checker registered to listen for that statement, giving it an - opportunity to either report a bug or modify the state. (As a rule of thumb, - the checker itself should be stateless.) The checkers are called one after another - in the predefined order; thus, calling all the checkers adds a chain to the + <tt>GenericDataMap</tt> which can be used to store the checker-defined part + of the state. Each time the analyzer engine explores a new statement, it + notifies each checker registered to listen for that statement, giving it an + opportunity to either report a bug or modify the state. (As a rule of thumb, + the checker itself should be stateless.) The checkers are called one after another + in the predefined order; thus, calling all the checkers adds a chain to the <tt>ExplodedGraph</tt>. </p> - + <h3 id=values>Representing Values</h3> <p> - During symbolic execution, <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SVal.html">SVal</a> - objects are used to represent the semantic evaluation of expressions. - They can represent things like concrete - integers, symbolic values, or memory locations (which are memory regions). - They are a discriminated union of "values", symbolic and otherwise. - If a value isn't symbolic, usually that means there is no symbolic - information to track. For example, if the value was an integer, such as - <tt>42</tt>, it would be a <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1nonloc_1_1ConcreteInt.html">ConcreteInt</a>, - and the checker doesn't usually need to track any state with the concrete - number. In some cases, <tt>SVal</tt> is not a symbol, but it really should be - a symbolic value. This happens when the analyzer cannot reason about something - (yet). An example is floating point numbers. In such cases, the - <tt>SVal</tt> will evaluate to <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1UnknownVal.html">UnknownVal</a>. - This represents a case that is outside the realm of the analyzer's reasoning - capabilities. <tt>SVals</tt> are value objects and their values can be viewed - using the <tt>.dump()</tt> method. Often they wrap persistent objects such as + During symbolic execution, <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1SVal.html">SVal</a> + objects are used to represent the semantic evaluation of expressions. + They can represent things like concrete + integers, symbolic values, or memory locations (which are memory regions). + They are a discriminated union of "values", symbolic and otherwise. + If a value isn't symbolic, usually that means there is no symbolic + information to track. For example, if the value was an integer, such as + <tt>42</tt>, it would be a <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1nonloc_1_1ConcreteInt.html">ConcreteInt</a>, + and the checker doesn't usually need to track any state with the concrete + number. In some cases, <tt>SVal</tt> is not a symbol, but it really should be + a symbolic value. This happens when the analyzer cannot reason about something + (yet). An example is floating point numbers. In such cases, the + <tt>SVal</tt> will evaluate to <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1UnknownVal.html">UnknownVal</a>. + This represents a case that is outside the realm of the analyzer's reasoning + capabilities. <tt>SVals</tt> are value objects and their values can be viewed + using the <tt>.dump()</tt> method. Often they wrap persistent objects such as symbols or regions. </p> <p> - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymExpr.html">SymExpr</a> (symbol) - is meant to represent abstract, but named, symbolic value. Symbols represent - an actual (immutable) value. We might not know what its specific value is, but - we can associate constraints with that value as we analyze a path. For - example, we might record that the value of a symbol is greater than + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymExpr.html">SymExpr</a> (symbol) + is meant to represent abstract, but named, symbolic value. Symbols represent + an actual (immutable) value. We might not know what its specific value is, but + we can associate constraints with that value as we analyze a path. For + example, we might record that the value of a symbol is greater than <tt>0</tt>, etc. </p> <p> - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html">MemRegion</a> is similar to a symbol. - It is used to provide a lexicon of how to describe abstract memory. Regions can - layer on top of other regions, providing a layered approach to representing memory. - For example, a struct object on the stack might be represented by a <tt>VarRegion</tt>, - but a <tt>FieldRegion</tt> which is a subregion of the <tt>VarRegion</tt> could + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1MemRegion.html">MemRegion</a> is similar to a symbol. + It is used to provide a lexicon of how to describe abstract memory. Regions can + layer on top of other regions, providing a layered approach to representing memory. + For example, a struct object on the stack might be represented by a <tt>VarRegion</tt>, + but a <tt>FieldRegion</tt> which is a subregion of the <tt>VarRegion</tt> could be used to represent the memory associated with a specific field of that object. - So how do we represent symbolic memory regions? That's what - <a href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymbolicRegion.html">SymbolicRegion</a> - is for. It is a <tt>MemRegion</tt> that has an associated symbol. Since the + So how do we represent symbolic memory regions? That's what + <a href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1SymbolicRegion.html">SymbolicRegion</a> + is for. It is a <tt>MemRegion</tt> that has an associated symbol. Since the symbol is unique and has a unique name; that symbol names the region. </p> - + <p> Let's see how the analyzer processes the expressions in the following example: </p> @@ -193,60 +193,60 @@ for developer guidelines and send your questions and proposals to </p> <p> -Let's look at how <tt>x*2</tt> gets evaluated. When <tt>x</tt> is evaluated, -we first construct an <tt>SVal</tt> that represents the lvalue of <tt>x</tt>, in -this case it is an <tt>SVal</tt> that references the <tt>MemRegion</tt> for <tt>x</tt>. -Afterwards, when we do the lvalue-to-rvalue conversion, we get a new <tt>SVal</tt>, -which references the value <b>currently bound</b> to <tt>x</tt>. That value is -symbolic; it's whatever <tt>x</tt> was bound to at the start of the function. -Let's call that symbol <tt>$0</tt>. Similarly, we evaluate the expression for <tt>2</tt>, -and get an <tt>SVal</tt> that references the concrete number <tt>2</tt>. When -we evaluate <tt>x*2</tt>, we take the two <tt>SVals</tt> of the subexpressions, -and create a new <tt>SVal</tt> that represents their multiplication (which in -this case is a new symbolic expression, which we might call <tt>$1</tt>). When we -evaluate the assignment to <tt>y</tt>, we again compute its lvalue (a <tt>MemRegion</tt>), -and then bind the <tt>SVal</tt> for the RHS (which references the symbolic value <tt>$1</tt>) +Let's look at how <tt>x*2</tt> gets evaluated. When <tt>x</tt> is evaluated, +we first construct an <tt>SVal</tt> that represents the lvalue of <tt>x</tt>, in +this case it is an <tt>SVal</tt> that references the <tt>MemRegion</tt> for <tt>x</tt>. +Afterwards, when we do the lvalue-to-rvalue conversion, we get a new <tt>SVal</tt>, +which references the value <b>currently bound</b> to <tt>x</tt>. That value is +symbolic; it's whatever <tt>x</tt> was bound to at the start of the function. +Let's call that symbol <tt>$0</tt>. Similarly, we evaluate the expression for <tt>2</tt>, +and get an <tt>SVal</tt> that references the concrete number <tt>2</tt>. When +we evaluate <tt>x*2</tt>, we take the two <tt>SVals</tt> of the subexpressions, +and create a new <tt>SVal</tt> that represents their multiplication (which in +this case is a new symbolic expression, which we might call <tt>$1</tt>). When we +evaluate the assignment to <tt>y</tt>, we again compute its lvalue (a <tt>MemRegion</tt>), +and then bind the <tt>SVal</tt> for the RHS (which references the symbolic value <tt>$1</tt>) to the <tt>MemRegion</tt> in the symbolic store. <br> -The second line is similar. When we evaluate <tt>x</tt> again, we do the same -dance, and create an <tt>SVal</tt> that references the symbol <tt>$0</tt>. Note, two <tt>SVals</tt> +The second line is similar. When we evaluate <tt>x</tt> again, we do the same +dance, and create an <tt>SVal</tt> that references the symbol <tt>$0</tt>. Note, two <tt>SVals</tt> might reference the same underlying values. </p> <p> -To summarize, MemRegions are unique names for blocks of memory. Symbols are -unique names for abstract symbolic values. Some MemRegions represents abstract -symbolic chunks of memory, and thus are also based on symbols. SVals are just -references to values, and can reference either MemRegions, Symbols, or concrete +To summarize, MemRegions are unique names for blocks of memory. Symbols are +unique names for abstract symbolic values. Some MemRegions represents abstract +symbolic chunks of memory, and thus are also based on symbols. SVals are just +references to values, and can reference either MemRegions, Symbols, or concrete values (e.g., the number 1). </p> - <!-- + <!-- TODO: Add a picture. <br> Symbols<br> - FunctionalObjects are used throughout. + FunctionalObjects are used throughout. --> <h2 id=idea>Idea for a Checker</h2> - Here are several questions which you should consider when evaluating your + Here are several questions which you should consider when evaluating your checker idea: <ul> - <li>Can the check be effectively implemented without path-sensitive + <li>Can the check be effectively implemented without path-sensitive analysis? See <a href="#ast">AST Visitors</a>.</li> - - <li>How high the false positive rate is going to be? Looking at the occurrences - of the issue you want to write a checker for in the existing code bases might + + <li>How high the false positive rate is going to be? Looking at the occurrences + of the issue you want to write a checker for in the existing code bases might give you some ideas. </li> - - <li>How the current limitations of the analysis will effect the false alarm - rate? Currently, the analyzer only reasons about one procedure at a time (no - inter-procedural analysis). Also, it uses a simple range tracking based + + <li>How the current limitations of the analysis will effect the false alarm + rate? Currently, the analyzer only reasons about one procedure at a time (no + inter-procedural analysis). Also, it uses a simple range tracking based solver to model symbolic execution.</li> - + <li>Consult the <a - href="http://llvm.org/bugs/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=REOPENED&version=trunk&component=Static%20Analyzer&product=clang">Bugzilla database</a> - to get some ideas for new checkers and consider starting with improving/fixing + href="https://bugs.llvm.org/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=REOPENED&version=trunk&component=Static%20Analyzer&product=clang">Bugzilla database</a> + to get some ideas for new checkers and consider starting with improving/fixing bugs in the existing checkers.</li> </ul> @@ -266,7 +266,7 @@ need to be made: <h2 id=registration>Checker Registration</h2> All checker implementation files are located in <tt>clang/lib/StaticAnalyzer/Checkers</tt> folder. The steps below describe - how the checker <tt>SimpleStreamChecker</tt>, which checks for misuses of + how the checker <tt>SimpleStreamChecker</tt>, which checks for misuses of stream APIs, was registered with the analyzer. Similar steps should be followed for a new checker. <ol> @@ -305,16 +305,16 @@ was successfully added by seeing if it appears in the list of available checkers <h2 id=events_callbacks>Events, Callbacks, and Checker Class Structure</h2> <p> All checkers inherit from the <tt><a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1Checker.html"> +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1Checker.html"> Checker</a></tt> template class; the template parameter(s) describe the type of events that the checker is interested in processing. The various types of events that are available are described in the file <a -href="http://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html"> +href="https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html"> CheckerDocumentation.cpp</a> <p> For each event type requested, a corresponding callback function must be defined in the checker class (<a -href="http://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html"> +href="https://clang.llvm.org/doxygen/CheckerDocumentation_8cpp_source.html"> CheckerDocumentation.cpp</a> shows the correct function name and signature for each event type). @@ -335,13 +335,13 @@ the analyzer cannot be sure whether the file was closed or not. </ul> <p>These events that will be used for each of these actions are, respectively, <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PreCall.html">PreCall</a>, +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PreCall.html">PreCall</a>, <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PostCall.html">PostCall</a>, +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PostCall.html">PostCall</a>, <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1DeadSymbols.html">DeadSymbols</a>, +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1DeadSymbols.html">DeadSymbols</a>, and <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PointerEscape.html">PointerEscape</a>. +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1check_1_1PointerEscape.html">PointerEscape</a>. The high-level structure of the checker's class is thus: <pre class="code_example"> @@ -376,22 +376,22 @@ several macros designed for this purpose. They are: <ul> <li><a -href="http://clang.llvm.org/doxygen/ProgramStateTrait_8h.html#ae4cddb54383cd702a045d7c61b009147">REGISTER_TRAIT_WITH_PROGRAMSTATE</a>: +href="https://clang.llvm.org/doxygen/ProgramStateTrait_8h.html#ae4cddb54383cd702a045d7c61b009147">REGISTER_TRAIT_WITH_PROGRAMSTATE</a>: Used when the state information is a single value. The methods available for state types declared with this macro are <tt>get</tt>, <tt>set</tt>, and <tt>remove</tt>. <li><a -href="http://clang.llvm.org/doxygen/CheckerContext_8h.html#aa27656fa0ce65b0d9ba12eb3c02e8be9">REGISTER_LIST_WITH_PROGRAMSTATE</a>: +href="https://clang.llvm.org/doxygen/CheckerContext_8h.html#aa27656fa0ce65b0d9ba12eb3c02e8be9">REGISTER_LIST_WITH_PROGRAMSTATE</a>: Used when the state information is a list of values. The methods available for state types declared with this macro are <tt>add</tt>, <tt>get</tt>, <tt>remove</tt>, and <tt>contains</tt>. <li><a -href="http://clang.llvm.org/doxygen/CheckerContext_8h.html#ad90f9387b94b344eaaf499afec05f4d1">REGISTER_SET_WITH_PROGRAMSTATE</a>: +href="https://clang.llvm.org/doxygen/CheckerContext_8h.html#ad90f9387b94b344eaaf499afec05f4d1">REGISTER_SET_WITH_PROGRAMSTATE</a>: Used when the state information is a set of values. The methods available for state types declared with this macro are <tt>add</tt>, <tt>get</tt>, <tt>remove</tt>, and <tt>contains</tt>. <li><a -href="http://clang.llvm.org/doxygen/CheckerContext_8h.html#a6d1893bb8c18543337b6c363c1319fcf">REGISTER_MAP_WITH_PROGRAMSTATE</a>: +href="https://clang.llvm.org/doxygen/CheckerContext_8h.html#a6d1893bb8c18543337b6c363c1319fcf">REGISTER_MAP_WITH_PROGRAMSTATE</a>: Used when the state information is a map from a key to a value. The methods available for state types declared with this macro are <tt>add</tt>, <tt>set</tt>, <tt>get</tt>, <tt>remove</tt>, and <tt>contains</tt>. @@ -438,11 +438,11 @@ new data category; the name of this type is the name of the data category with "Ty" appended. For <tt>REGISTER_TRAIT_WITH_PROGRAMSTATE</tt>, this will simply be passed data type; for the other three macros, this will be a specialized version of the <a -href="http://llvm.org/doxygen/classllvm_1_1ImmutableList.html">llvm::ImmutableList</a>, +href="https://llvm.org/doxygen/classllvm_1_1ImmutableList.html">llvm::ImmutableList</a>, <a -href="http://llvm.org/doxygen/classllvm_1_1ImmutableSet.html">llvm::ImmutableSet</a>, +href="https://llvm.org/doxygen/classllvm_1_1ImmutableSet.html">llvm::ImmutableSet</a>, or <a -href="http://llvm.org/doxygen/classllvm_1_1ImmutableMap.html">llvm::ImmutableMap</a> +href="https://llvm.org/doxygen/classllvm_1_1ImmutableMap.html">llvm::ImmutableMap</a> templated class. For the <tt>ExampleDataType</tt> example above, the type created would be equivalent to writing the declaration: @@ -465,9 +465,9 @@ analyzer core by calling the <tt>CheckerContext::addTransition</tt> function. <p> When a checker detects a mistake in the analyzed code, it needs a way to report it to the analyzer core so that it can be displayed. The two classes used to construct this report are <tt><a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1BugType.html">BugType</a></tt> +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1BugType.html">BugType</a></tt> and <tt><a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1BugReport.html"> +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1BugReport.html"> BugReport</a></tt>. <p> @@ -496,39 +496,39 @@ analysis, as the program can continue to run after the leak. Dereferencing a null pointer, on the other hand, should stop analysis, as there is no way for the program to meaningfully continue after such an error. -<p>If analysis can continue, then the most recent <tt>ExplodedNode</tt> -generated by the checker can be passed to the <tt>BugReport</tt> constructor -without additional modification. This <tt>ExplodedNode</tt> will be the one +<p>If analysis can continue, then the most recent <tt>ExplodedNode</tt> +generated by the checker can be passed to the <tt>BugReport</tt> constructor +without additional modification. This <tt>ExplodedNode</tt> will be the one returned by the most recent call to <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#a264f48d97809707049689c37aa35af78">CheckerContext::addTransition</a>. +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#a264f48d97809707049689c37aa35af78">CheckerContext::addTransition</a>. If no transition has been performed during the current callback, the checker should call <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#a264f48d97809707049689c37aa35af78">CheckerContext::addTransition()</a> +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#a264f48d97809707049689c37aa35af78">CheckerContext::addTransition()</a> and use the returned node for bug reporting. <p>If analysis can not continue, then the current state should be transitioned into a so-called <i>sink node</i>, a node from which no further analysis will be performed. This is done by calling the <a -href="http://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#adeea33a5a2bed190210c4a2bb807a6f0"> +href="https://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#adeea33a5a2bed190210c4a2bb807a6f0"> CheckerContext::generateSink</a> function; this function is the same as the <tt>addTransition</tt> function, but marks the state as a sink node. Like <tt>addTransition</tt>, this returns an <tt>ExplodedNode</tt> with the updated state, which can then be passed to the <tt>BugReport</tt> constructor. <p> -After a <tt>BugReport</tt> is created, it should be passed to the analyzer core -by calling <a href = "http://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#ae7738af2cbfd1d713edec33d3203dff5">CheckerContext::emitReport</a>. +After a <tt>BugReport</tt> is created, it should be passed to the analyzer core +by calling <a href = "https://clang.llvm.org/doxygen/classclang_1_1ento_1_1CheckerContext.html#ae7738af2cbfd1d713edec33d3203dff5">CheckerContext::emitReport</a>. <h2 id=ast>AST Visitors</h2> - Some checks might not require path-sensitivity to be effective. Simple AST walk - might be sufficient. If that is the case, consider implementing a Clang - compiler warning. On the other hand, a check might not be acceptable as a compiler - warning; for example, because of a relatively high false positive rate. In this - situation, AST callbacks <tt><b>checkASTDecl</b></tt> and - <tt><b>checkASTCodeBody</b></tt> are your best friends. + Some checks might not require path-sensitivity to be effective. Simple AST walk + might be sufficient. If that is the case, consider implementing a Clang + compiler warning. On the other hand, a check might not be acceptable as a compiler + warning; for example, because of a relatively high false positive rate. In this + situation, AST callbacks <tt><b>checkASTDecl</b></tt> and + <tt><b>checkASTCodeBody</b></tt> are your best friends. <h2 id=testing>Testing</h2> - Every patch should be well tested with Clang regression tests. The checker tests - live in <tt>clang/test/Analysis</tt> folder. To run all of the analyzer tests, + Every patch should be well tested with Clang regression tests. The checker tests + live in <tt>clang/test/Analysis</tt> folder. To run all of the analyzer tests, execute the following from the <tt>clang</tt> build directory: <pre class="code"> $ <b>bin/llvm-lit -sv ../llvm/tools/clang/test/Analysis</b> @@ -796,9 +796,9 @@ Documentation for how the Store works</a></li> <li><a href="https://github.com/llvm/llvm-project/blob/master/clang/docs/analyzer/IPA.txt"> Documentation about inlining</a></li> <li> The "Building a Checker in 24 hours" presentation given at the <a -href="http://llvm.org/devmtg/2012-11">November 2012 LLVM Developer's +href="https://llvm.org/devmtg/2012-11">November 2012 LLVM Developer's meeting</a>. Describes the construction of SimpleStreamChecker. <a -href="http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a> +href="https://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">Slides</a> and <a href="https://youtu.be/kdxlsP5QVPw">video</a> are available.</li> @@ -807,15 +807,15 @@ are available.</li> Artem Degrachev: Clang Static Analyzer: A Checker Developer's Guide </a> (reading the previous items first might be a good idea)</li> <li>The list of <a href="implicit_checks.html">Implicit Checkers</a></li> -<li> <a href="http://clang.llvm.org/doxygen">Clang doxygen</a>. Contains +<li> <a href="https://clang.llvm.org/doxygen">Clang doxygen</a>. Contains up-to-date documentation about the APIs available in Clang. Relevant entries have been linked throughout this page. Also of use is the -<a href="http://llvm.org/doxygen">LLVM doxygen</a>, when dealing with classes +<a href="https://llvm.org/doxygen">LLVM doxygen</a>, when dealing with classes from LLVM.</li> -<li> The <a href="http://lists.llvm.org/mailman/listinfo/cfe-dev"> +<li> The <a href="https://lists.llvm.org/mailman/listinfo/cfe-dev"> cfe-dev mailing list</a>. This is the primary mailing list used for discussion of Clang development (including static code analysis). The -<a href="http://lists.llvm.org/pipermail/cfe-dev">archive</a> also contains +<a href="https://lists.llvm.org/pipermail/cfe-dev">archive</a> also contains a lot of information.</li> </ul> diff --git a/clang/www/analyzer/faq.html b/clang/www/analyzer/faq.html index 516233b24bf..72ca27eb8c3 100644 --- a/clang/www/analyzer/faq.html +++ b/clang/www/analyzer/faq.html @@ -173,13 +173,13 @@ Note that this cast does not affect code generation. <img src="images/example_use_assert.png" alt="example use assert"> -<p> In the contrived example above, the analyzer has detected that the body of -the loop is never entered for the case where <tt>length <= 0</tt>. In this -particular example, you may know that the loop will always be entered because -the input parameter <tt>length</tt> will be greater than zero in all calls to this -function. You can teach the analyzer facts about your code as well as document -it by using assertions. By adding <tt>assert(length > 0)</tt> in the beginning -of the function, you tell the analyzer that your code is never expecting a zero +<p> In the contrived example above, the analyzer has detected that the body of +the loop is never entered for the case where <tt>length <= 0</tt>. In this +particular example, you may know that the loop will always be entered because +the input parameter <tt>length</tt> will be greater than zero in all calls to this +function. You can teach the analyzer facts about your code as well as document +it by using assertions. By adding <tt>assert(length > 0)</tt> in the beginning +of the function, you tell the analyzer that your code is never expecting a zero or a negative value, so it won't need to test the correctness of those paths. </p> @@ -198,15 +198,15 @@ int foo(int length) { <p>There is currently no solid mechanism for suppressing an analyzer warning, although this is currently being investigated. When you encounter an analyzer bug/false positive, check if it's one of the issues discussed above or if the -analyzer <a href = "annotations.html#custom_assertions" >annotations</a> can -resolve the issue. Second, please <a href = "filing_bugs.html">report it</a> to +analyzer <a href = "annotations.html#custom_assertions" >annotations</a> can +resolve the issue. Second, please <a href = "filing_bugs.html">report it</a> to help us improve user experience. As the last resort, consider using <tt>__clang_analyzer__</tt> macro <a href = "faq.html#exclude_code" >described below</a>.</p> <h4 id="exclude_code" class="faq">Q: How can I selectively exclude code the analyzer examines?</h4> -<p>When the static analyzer is using clang to parse source files, it implicitly -defines the preprocessor macro <tt>__clang_analyzer__</tt>. One can use this +<p>When the static analyzer is using clang to parse source files, it implicitly +defines the preprocessor macro <tt>__clang_analyzer__</tt>. One can use this macro to selectively exclude code the analyzer examines. Here is an example: <pre class="code_example"> @@ -215,8 +215,8 @@ macro to selectively exclude code the analyzer examines. Here is an example: #endif </pre> -This usage is discouraged because it makes the code dead to the analyzer from -now on. Instead, we prefer that users file bugs against the analyzer when it flags +This usage is discouraged because it makes the code dead to the analyzer from +now on. Instead, we prefer that users file bugs against the analyzer when it flags false positives. </p> @@ -224,4 +224,3 @@ false positives. </div> </body> </html> - diff --git a/clang/www/analyzer/filing_bugs.html b/clang/www/analyzer/filing_bugs.html index f32a8ab20a6..e802b6d9baf 100644 --- a/clang/www/analyzer/filing_bugs.html +++ b/clang/www/analyzer/filing_bugs.html @@ -5,7 +5,7 @@ <title>Filing Bugs and Feature Requests</title> <link type="text/css" rel="stylesheet" href="menu.css"> <link type="text/css" rel="stylesheet" href="content.css"> - <script type="text/javascript" src="scripts/menu.js"></script> + <script type="text/javascript" src="scripts/menu.js"></script> </head> <body> @@ -19,7 +19,7 @@ We also welcome feature requests. When filing a bug report, please do the following:</p> -<ul> +<ul> <li>Include the checker build (for prebuilt Mac OS X binaries) or the SVN revision number.</li> @@ -37,7 +37,7 @@ and why.</li> <h3>Bugzilla</h3> -<p>Please <a href="http://llvm.org/bugs/enter_bug.cgi?product=clang">file +<p>Please <a href="https://bugs.llvm.org/enter_bug.cgi?product=clang">file bugs</a> in LLVM's Bugzilla database against the Clang <b>Static Analyzer</b> component.</p> @@ -45,7 +45,7 @@ component.</p> <p>If you are using the analyzer to analyze code associated with an Apple NDA (e.g., preview versions of SDKs or seed releases of Mac OS X) please file bug -reports to Apple's <a href="http://bugreporter.apple.com">Bug Reporter</a> web +reports to Apple's <a href="https://feedbackassistant.apple.com/welcome">Feedback Assistant</a> web site.</p> <p>You are free to always file bugs through this website, but this option is less @@ -59,4 +59,3 @@ the analyzer has access to that bug database.</p> </div> </body> </html> - diff --git a/clang/www/analyzer/implicit_checks.html b/clang/www/analyzer/implicit_checks.html index 948f4533b89..959c7fc18dd 100644 --- a/clang/www/analyzer/implicit_checks.html +++ b/clang/www/analyzer/implicit_checks.html @@ -18,8 +18,8 @@ <div id="content"> <h1>Implicit Checkers</h1> -Even though the implicit checkers do not produce any warnings, they are used to -support the analyzer core and model known APIs. See also +Even though the implicit checkers do not produce any warnings, they are used to +support the analyzer core and model known APIs. See also <a href = "available_checks.html">Default Checkers</a> and <a href = "alpha_checks.html">Experimental (Alpha) Checkers</a>. <ul> @@ -50,10 +50,10 @@ public: class B: public A { public: B() - :A(foo()) + :A(foo()) // DynamicTypeInfo for 'this' rigion will wrap type 'A' // unless the base constructor call expression is processed - {} + {} virtual int foo(); }; </pre></div><div class="separator"></div> @@ -112,10 +112,10 @@ void test() { @implementation MyObj - (void)foo { - [[NSAssertionHandler currentHandler] handleFailureInMethod:_cmd - object:self - file:(@"somefile.m") - lineNumber:1 + [[NSAssertionHandler currentHandler] handleFailureInMethod:_cmd + object:self + file:(@"somefile.m") + lineNumber:1 description:(@"some text")]; // generate sink } @@ -139,7 +139,7 @@ Improved modeling of loops using Cocoa collection types.</div></div></td> <div class="example"><pre> void test() { id x; - for (x in [NSArray testObject]) { + for (x in [NSArray testObject]) { // assume the value of 'x' is non-nil } } diff --git a/clang/www/analyzer/index.html b/clang/www/analyzer/index.html index cca105a818a..df53add8348 100644 --- a/clang/www/analyzer/index.html +++ b/clang/www/analyzer/index.html @@ -5,7 +5,7 @@ <title>Clang Static Analyzer</title> <link type="text/css" rel="stylesheet" href="content.css"> <link type="text/css" rel="stylesheet" href="menu.css"> - <script type="text/javascript" src="scripts/menu.js"></script> + <script type="text/javascript" src="scripts/menu.js"></script> <!-- Generated from: http://www.spiffycorners.com/index.php --> <style type="text/css"> @@ -45,7 +45,7 @@ border-right:1px solid #f0f3fb} .spiffyfg{ background:#EBF0FA} - + .spiffyfg h2 { margin:0px; padding:10px; } @@ -67,7 +67,7 @@ <table style="margin-top:0px" width="100%" border="0" cellpadding="0px" cellspacing="0"> <tr><td> -<h1>Clang Static Analyzer</h1> +<h1>Clang Static Analyzer</h1> <p>The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.</p> @@ -78,7 +78,7 @@ invoked from the command line, and is intended to be run in tandem with a build of a codebase.</p> <p>The analyzer is 100% open source and is part of the <a -href="http://clang.llvm.org">Clang</a> project. Like the rest of Clang, the +href="https://clang.llvm.org">Clang</a> project. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.</p> @@ -121,7 +121,7 @@ applications.</p> <b class="spiffy5"></b></b> <div class="spiffyfg"> <div style="padding:15px"> - <h3 style="margin:0px;padding:0px">Other Platforms</h3> + <h3 style="margin:0px;padding:0px">Other Platforms</h3> <p>For other platforms, please follow the instructions for <a href="/installation#OtherPlatforms">building the analyzer</a> from source code.<p> @@ -155,13 +155,13 @@ techniques such as testing.</p> <p>Static analysis bug-finding tools have evolved over the last several decades from basic syntactic checkers to those that find deep bugs by reasoning about the semantics of code. The goal of the Clang Static Analyzer is to provide a -industrial-quality static analysis framework for analyzing C, C++, and +industrial-quality static analysis framework for analyzing C, C++, and Objective-C programs that is freely available, extensible, and has a high quality of implementation.</p> <h3 id="Clang">Part of Clang and LLVM</h3> <p>As its name implies, the Clang Static Analyzer is built on top of <a -href="http://clang.llvm.org">Clang</a> and <a href="http://llvm.org">LLVM</a>. +href="https://clang.llvm.org">Clang</a> and <a href="https://llvm.org">LLVM</a>. Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of reusable C++ libraries for building powerful source-level tools. The static analysis engine used by the Clang Static Analyzer is a Clang library, and has @@ -220,4 +220,3 @@ patches.</p> </div> </body> </html> - diff --git a/clang/www/analyzer/installation.html b/clang/www/analyzer/installation.html index 6a855999c5f..0ae51976fe5 100644 --- a/clang/www/analyzer/installation.html +++ b/clang/www/analyzer/installation.html @@ -5,7 +5,7 @@ <title>Obtaining the Static Analyzer</title> <link type="text/css" rel="stylesheet" href="menu.css"> <link type="text/css" rel="stylesheet" href="content.css"> - <script type="text/javascript" src="scripts/menu.js"></script> + <script type="text/javascript" src="scripts/menu.js"></script> </head> <body> @@ -31,7 +31,7 @@ the analyzer, we recommend that you check back here occasionally for new builds, especially if the build you are using is more than a couple weeks old.</p> -<p>The latest build is: +<p>The latest build is: <!--#include virtual="latest_checker.html.incl"--> </p> @@ -39,7 +39,7 @@ weeks old.</p> we need volunteers who are willing to help provide such regular builds. If you wish to help contribute regular builds of the analyzer on other platforms, please email the <a -href="http://lists.llvm.org/mailman/listinfo/cfe-dev">Clang +href="https://lists.llvm.org/mailman/listinfo/cfe-dev">Clang Developers' mailing list</a>.</p> <h3>Using Packaged Builds</h3> @@ -81,7 +81,7 @@ determine where to find its accompanying files.</p> <p>For other platforms, you must build Clang and LLVM manually. To do so, please follow the instructions for <a -href="http://clang.llvm.org/get_started.html#build">building Clang from +href="https://clang.llvm.org/get_started.html#build">building Clang from source code</a>.<p> <p>Once the Clang is built, you need to add the following to your path:</p> @@ -108,4 +108,3 @@ when clang is built.</p></li> </div> </body> </html> - diff --git a/clang/www/analyzer/open_projects.html b/clang/www/analyzer/open_projects.html index 855d60d9aa9..46cc2b5c63f 100644 --- a/clang/www/analyzer/open_projects.html +++ b/clang/www/analyzer/open_projects.html @@ -5,7 +5,7 @@ <title>Open Projects</title> <link type="text/css" rel="stylesheet" href="menu.css"> <link type="text/css" rel="stylesheet" href="content.css"> - <script type="text/javascript" src="scripts/menu.js"></script> + <script type="text/javascript" src="scripts/menu.js"></script> </head> <body> @@ -15,11 +15,11 @@ <h1>Open Projects</h1> -<p>This page lists several projects that would boost analyzer's usability and -power. Most of the projects listed here are infrastructure-related so this list -is an addition to the <a href="potential_checkers.html">potential checkers -list</a>. If you are interested in tackling one of these, please send an email -to the <a href=http://lists.llvm.org/mailman/listinfo/cfe-dev>cfe-dev +<p>This page lists several projects that would boost analyzer's usability and +power. Most of the projects listed here are infrastructure-related so this list +is an addition to the <a href="potential_checkers.html">potential checkers +list</a>. If you are interested in tackling one of these, please send an email +to the <a href=https://lists.llvm.org/mailman/listinfo/cfe-dev>cfe-dev mailing list</a> to notify other members of the community.</p> <ul> @@ -49,9 +49,9 @@ mailing list</a> to notify other members of the community.</p> </li> <li><code>alpha.unix.StreamChecker</code> - <p>A SimpleStreamChecker has been presented in the Building a Checker in 24 - Hours talk - (<a href="http://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">slides</a> + <p>A SimpleStreamChecker has been presented in the Building a Checker in 24 + Hours talk + (<a href="https://llvm.org/devmtg/2012-11/Zaks-Rose-Checker24Hours.pdf">slides</a> <a href="https://youtu.be/kdxlsP5QVPw">video</a>).</p> <p>This alpha checker is an attempt to write a production grade stream checker. @@ -113,7 +113,7 @@ mailing list</a> to notify other members of the community.</p> </p> </li> - <li>Handle constructors for default arguments + <li>Handle constructors for default arguments <p>Default arguments in C++ are recomputed at every call, and are therefore local, and not static, variables. </p> @@ -144,7 +144,7 @@ mailing list</a> to notify other members of the community.</p> <p>Currently in the analyzer the value of a union is always regarded as an unknown. This problem was - previously <a href="http://lists.llvm.org/pipermail/cfe-dev/2017-March/052864.html">discussed</a> + previously <a href="https://lists.llvm.org/pipermail/cfe-dev/2017-March/052864.html">discussed</a> on the mailing list, but no solution was implemented. <p><i> (Difficulty: Medium) </i></p></p> </li> @@ -228,4 +228,3 @@ mailing list</a> to notify other members of the community.</p> </div> </body> </html> - diff --git a/clang/www/analyzer/potential_checkers.html b/clang/www/analyzer/potential_checkers.html index 2e6a201d792..ee9ba164387 100644 --- a/clang/www/analyzer/potential_checkers.html +++ b/clang/www/analyzer/potential_checkers.html @@ -30,7 +30,7 @@ memory.LeakEvalOrder</span><span class="lang"> (C, C++)</span><div class="descr"> Potential memory leaks caused by an undefined argument evaluation order. -<p>Source: <a href="http://www.boost.org/doc/libs/1_49_0/libs/smart_ptr/shared_ptr.htm#BestPractices"> +<p>Source: <a href="https://www.boost.org/doc/libs/1_49_0/libs/smart_ptr/shared_ptr.htm#BestPractices"> boost docs: shared_ptr</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -92,7 +92,7 @@ memory.NegativeArraySize</span><span class="lang"> 'n' is used to specify the buffer size may be negative. <br>Note: possibly an enhancement to <span class="name"> alpha.security.MallocOverflow</span>. -<p>Source: <a href="http://cwe.mitre.org/data/definitions/20.html">CWE-20, +<p>Source: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20, Example 2</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -109,7 +109,7 @@ memory.ZeroAlloc</span><span class="lang"> (C, C++)</span><div class="descr"> Allocation of zero bytes. <br>Note: an enhancement to <span class="name">unix.Malloc</span>. -<br>Note: <span class="name">unix.API</span> perform C-checks for zero +<br>Note: <span class="name">unix.API</span> perform C-checks for zero allocation. This should be moved to <span class="name">unix.Malloc</span>. <p>Source: C++03 3.7.3.1p2; C++11 3.7.4.1p2.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -127,7 +127,7 @@ void test() { delete[] p; } </pre></div></div></td> -<td class="aligned"><a href="http://reviews.llvm.org/D6178"> +<td class="aligned"><a href="https://reviews.llvm.org/D6178"> D6178</a></td></tr> </table> @@ -294,7 +294,7 @@ int test(bool cond) { return i; } </pre></div></div></td> -<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=16890">PR16890</a></td></tr> +<td class="aligned"><a href="https://bugs.llvm.org/show_bug.cgi?id=16890">PR16890</a></td></tr> <tr><td><div class="namedescr expandable"><span class="name"> deadcode.IdempotentOperations</span><span class="lang"> @@ -360,7 +360,7 @@ void use(int fd) { print("%d", count); // should not warn } </pre></div></div></td> -<td class="aligned"><a href="http://llvm.org/bugs/show_bug.cgi?id=18701">PR18701</a></td></tr> +<td class="aligned"><a href="https://bugs.llvm.org/show_bug.cgi?id=18701">PR18701</a></td></tr> </table> @@ -393,9 +393,9 @@ public: <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.LocalStaticDestroyed</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: function containing a definition of static local object is -called during the destruction of an object with static storage duration so that -flow of control passes through the definition of the previously destroyed +Undefined behavior: function containing a definition of static local object is +called during the destruction of an object with static storage duration so that +flow of control passes through the definition of the previously destroyed static local object. <p>Source: C++11 3.6.3p2.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -423,7 +423,7 @@ void f() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.ZeroAllocDereference</span><span class="lang"> (C, C++)</span><div class="descr"> -The effect of dereferencing a pointer returned as a request for zero size is +The effect of dereferencing a pointer returned as a request for zero size is undefined.<br> Note: possibly an enhancement to <span class="name"> unix.Malloc</span>. @@ -447,7 +447,7 @@ void test() { delete[] p; } </pre></div></div></td> -<td class="aligned"><a href="http://reviews.llvm.org/D8273">D8273</a></td></tr> +<td class="aligned"><a href="https://reviews.llvm.org/D8273">D8273</a></td></tr> <tr><td><div class="namedescr expandable"><span class="name"> @@ -463,7 +463,7 @@ non-static member function of the object</li> <li>the pointer is implicitly converted to a pointer to a base class type</li> <li>the pointer is used as the operand of a <code>static_cast</code> (except -when the conversion is to <code>void*</code>, or to <code>void*</code> and +when the conversion is to <code>void*</code>, or to <code>void*</code> and subsequently to <code>char*</code>, or <code>unsigned char*</code>)</li> <li>the pointer is used as the operand of a <code>dynamic_cast</code></li></ul> <p>Source: C++03 3.8p5, p7; C++11 3.8p5, p7.</p></div></div></td> @@ -562,7 +562,7 @@ A* test() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.ObjLocChanges</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: the program must ensure that an object occupies the same +Undefined behavior: the program must ensure that an object occupies the same storage location when the implicit or explicit destructor call takes place. <p>Source: C++11 3.8p8.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -603,7 +603,7 @@ void test() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.ExprEvalOrderUndef</span><span class="lang"> (C, C++03)</span><div class="descr"> -Undefined behavior: a scalar object shall have its stored value modified at +Undefined behavior: a scalar object shall have its stored value modified at most once by the evaluation of an expression.<br> Note: most cases are currently handled by the Clang core (search for 'multiple unsequenced modifications' warning in Clang tests). @@ -622,7 +622,7 @@ int test () { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.StaticInitReentered</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: static declaration is re-entered while the object is being +Undefined behavior: static declaration is re-entered while the object is being initialized. <p>Source: C++11 6.7p4.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -669,7 +669,7 @@ void test() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.DeadDestructed</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: the destructor is invoked for an object whose lifetime +Undefined behavior: the destructor is invoked for an object whose lifetime has ended. <p>Source: C++11 12.4p14.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -713,9 +713,9 @@ public : <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.MemberOrBaseRefBeforeCtor</span><span class="lang"> (C++)</span><div class="descr"> -C++ Undefined behavior: non-static member or base class of non-POD class type +C++ Undefined behavior: non-static member or base class of non-POD class type is referred before constructor begins execution.<br> -C++11 Undefined behavior: non-static member or base class of a class with a +C++11 Undefined behavior: non-static member or base class of a class with a non-trivial constructor is referred before constructor begins execution. <p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -730,8 +730,8 @@ extern non_POD non_pod; int *p = &non_pod.i; // warn </pre></div> <div class="example"><pre> -struct POD { - int i; +struct POD { + int i; }; struct non_POD : public POD { @@ -744,7 +744,7 @@ int *p = &non_pod.pod.i; // warn </pre></div> <div class="example"><pre> struct POD { - int i; + int i; }; struct non_POD : public POD {}; @@ -771,9 +771,9 @@ struct S { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.MemberRefAfterDtor</span><span class="lang"> (C++)</span><div class="descr"> -C++03: Undefined behavior: non-static member of non-POD class type is referred +C++03: Undefined behavior: non-static member of non-POD class type is referred after destructor ends execution.<br> -C++11: Undefined behavior: non-static member of a class with a non-trivial +C++11: Undefined behavior: non-static member of a class with a non-trivial destructor is referred after destructor ends execution. <p>Source: C++03 12.7p1; C++11 12.7p1.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -796,7 +796,7 @@ void test() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.CtorForeignCall</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: call to virtual function of an object under construction +Undefined behavior: call to virtual function of an object under construction whose type is neither the constructors own class or one of its bases. <p>Source: C++11 12.7p4.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -823,7 +823,7 @@ public: undefbehavior.CtorForeignTypeid</span><span class="lang"> (C++)</span><div class="descr"> Undefined behavior: the operand of <code>typeid</code> is an object under -construction whose type is neither the constructors own class or one of its +construction whose type is neither the constructors own class or one of its bases. <p>Source: C++11 12.7p5.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -865,7 +865,7 @@ public: class B { public: - B(A* a) { + B(A* a) { (void)dynamic_cast<B*>(a); //warn } }; @@ -881,8 +881,8 @@ public: <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.MemberOrBaseRefInCatch</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: referring to any non-static member or base class of an -object in the handler for a function-try-block of a constructor or destructor +Undefined behavior: referring to any non-static member or base class of an +object in the handler for a function-try-block of a constructor or destructor for that object results in undefined behavior. <p>Source: C++11 15.3p10.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -925,7 +925,7 @@ public : <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.ReturnAtCatchEnd</span><span class="lang"> (C++)</span><div class="descr"> -Undefined behavior: a function returns when control reaches the end of a +Undefined behavior: a function returns when control reaches the end of a handler. This results in undefined behavior in a value-returning function. <p>Source: C++11 15.3p10.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -1011,9 +1011,9 @@ int test() { <tr><td><div class="namedescr expandable"><span class="name"> undefbehavior.QsortNonPODNonTrivial</span><span class="lang"> (C++)</span><div class="descr"> -C++03: Undefined behavior: the objects in the array passed to qsort are of +C++03: Undefined behavior: the objects in the array passed to qsort are of non-POD type.<br> -C++11: Undefined behavior: the objects in the array passed to qsort are of +C++11: Undefined behavior: the objects in the array passed to qsort are of non-trivial type. <p>Source: C++03 25.4p4; C++11 25.5p4.</p></div></div></td> <td><div class="exampleContainer expandable"> @@ -1353,7 +1353,7 @@ int test() { <tr><td><div class="namedescr expandable"><span class="name"> different.NullDerefStmtOrder</span><span class="lang"> (C)</span><div class="descr"> -Dereferencing of the null pointer might take place. Checking the pointer for +Dereferencing of the null pointer might take place. Checking the pointer for null should be performed first. <br>Note: possibly an enhancement to <span class="name"> core.NullDereference</span>.</div></div></td> @@ -1380,7 +1380,7 @@ void test() { <tr><td><div class="namedescr expandable"><span class="name"> different.NullDerefCondOrder</span><span class="lang"> (C)</span><div class="descr"> -Dereferencing of the null pointer might take place. Checking the pointer for +Dereferencing of the null pointer might take place. Checking the pointer for null should be performed first. <br>Note: possibly an enhancement to <span class="name"> core.NullDereference</span>.</div></div></td> @@ -1734,7 +1734,7 @@ different.IntegerOverflow</span><span class="lang"> Integer overflow. <br>Note: partially handled by Clang core (search for 'overflow in expression' warning in Clang tests). -<p>Source: <a href="http://cwe.mitre.org/data/definitions/190.html"> +<p>Source: <a href="https://cwe.mitre.org/data/definitions/190.html"> CWE-190</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1761,7 +1761,7 @@ int test() { different.SignExtension</span><span class="lang"> (C)</span><div class="descr"> Unexpected sign extension might take place. -<p>Source: <a href="http://cwe.mitre.org/data/definitions/194.html"> +<p>Source: <a href="https://cwe.mitre.org/data/definitions/194.html"> CWE-194</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1789,7 +1789,7 @@ unsigned int test(int i) { different.NumericTruncation</span><span class="lang"> (C)</span><div class="descr"> Numeric truncation might take place. -<p>Source: <a href="http://cwe.mitre.org/data/definitions/197.html"> +<p>Source: <a href="https://cwe.mitre.org/data/definitions/197.html"> CWE-197</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1851,7 +1851,7 @@ white space-delimited string pointed to by <code><i>lpCommandLine</code></i>. If the executable or path name has a space in it, there is a risk that a different executable could be run because of the way the function parses spaces. -<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms682425%28v=vs.85%29.aspx"> +<p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa#security-remarks"> MSDN: CreateProcess function, Security Remarks</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1873,7 +1873,7 @@ WinAPI.LoadLibrary</span><span class="lang"> (C)</span><div class="descr"> The <code>SearchPath()</code> function is used to retrieve a path to a DLL for a subsequent <code>LoadLibrary()</code> call. -<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms684175%28v=vs.85%29.aspx"> +<p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya#security-remarks"> MSDN: LoadLibrary function, Security Remarks</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1894,7 +1894,7 @@ WinAPI.WideCharToMultiByte</span><span class="lang"> Buffer overrun while calling <code>WideCharToMultiByte()</code>. The size of the input buffer equals the number of characters in the Unicode string, while the size of the output buffer equals the number of bytes. -<p>Source: <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/dd374130%28v=vs.85%29.aspx"> +<p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte"> MSDN: WideCharToMultiByte function</a>.</p></div></div></td> <td><div class="exampleContainer expandable"> <div class="example"><pre> @@ -1947,7 +1947,7 @@ operators.</p></div></div></td> void test() { std::vector<int> v; std::vector<int>::const_iterator it; - for(it = v.begin(); + for(it = v.begin(); it != v.end(); it++) {}; // warn } </pre></div></div></td> diff --git a/clang/www/analyzer/release_notes.html b/clang/www/analyzer/release_notes.html index 68e224b3666..19a9190b181 100644 --- a/clang/www/analyzer/release_notes.html +++ b/clang/www/analyzer/release_notes.html @@ -90,7 +90,7 @@ <li>Accepts <tt>-arch arm64</tt> (which may be passed by Xcode 5.0), but for the time being analyzes code in such cases as <tt>-arch armv7s</tt>.</li> <li>Many sundry fixes, improvements to C++ support, etc.</li> </ul> - + <h4 id="checker_275">checker-275</h4> <p><b>built:</b> May 23, 2013</br> <b>download:</b> <a href="downloads/checker-275.tar.bz2">checker-275.tar.bz2</a></p> @@ -177,7 +177,7 @@ <h4 id="checker_268">checker-268</h4> <p><b>built:</b> September 11, 2012</p> <p><b>highlights:</b></p> - + <ul> <li>Adds initial interprocedural analysis support for C++ and Objective-C. This will greatly improve analysis coverage and find deeper bugs in Objective-C and C++ code.</li> <li>Contains a static analyzer newer than Xcode 4.4.</li> @@ -203,8 +203,8 @@ these, and any other problems you encounter. When you encounter an issue, please <p><b>highlights:</b></p> <p>This release contains a fix for a major crasher introduced in checker-264, and various refinements to -improve the precision and reduce the false positive rate of the analyzer. It also enables a new unix.MallocSizeof check, which reports -inconsistencies between the casted type of the return value of a 'malloc/calloc/realloc' call and the operand +improve the precision and reduce the false positive rate of the analyzer. It also enables a new unix.MallocSizeof check, which reports +inconsistencies between the casted type of the return value of a 'malloc/calloc/realloc' call and the operand of sizeof expressions contained within its argument(s).</p> <h4 id="checker_264">checker-264</h4> @@ -290,7 +290,7 @@ of sizeof expressions contained within its argument(s).</p> <li>Supports ARC (please file bugs where you see issues)</li> <li>Major under-the-cover changes. This should result in more precise results in some cases, but this is laying the groundwork for major improvements. Please file bugs where you see regressions or issues.</li> </ul> - + <h4 id="checker_257">checker-257</h4> <p><b>built: </b>May 25, 2011<br> @@ -316,15 +316,15 @@ of sizeof expressions contained within its argument(s).</p> <p>This build contains basic support for C++ and Objective-C++ that is ready to be tried out by general users. It is still in its infancy, but establishes a baseline for things to come. The main hope is that it can find some issues and have a reasonable false positive rate.</p> - + <p><b>Please</b> <a href="/filing_bugs.html">file bugs</a> when you see issues of any kind so we can assess where development on C++ analysis support needs to be focused.</p> - + <p>To try out C++ analysis support, it should work out of the box using <tt>scan-build</tt>. If you are using this checker build as a replacement to the analyzer bundled with Xcode, first use the <tt>set-xcode-analyzer</tt> script to <a href="/xcode.html">change Xcode to use your version of the analyzer</a>. You will then need to modify one configuration file in Xcode to enable C++ analysis support. This can be done with the following steps:</p> - + <ol> <li>Find the clang .xcspec file: <pre>$ cd /Developer/Library @@ -380,4 +380,3 @@ $ find . | grep xcspec | grep Clang </div> </body> </html> - diff --git a/clang/www/analyzer/scan-build.html b/clang/www/analyzer/scan-build.html index 83efea90151..a2e5f6a532b 100644 --- a/clang/www/analyzer/scan-build.html +++ b/clang/www/analyzer/scan-build.html @@ -34,8 +34,8 @@ web browser.</p> <p><b>scan-build</b> has little or no knowledge about how you build your code. It works by overriding the <tt>CC</tt> and <tt>CXX</tt> environment variables to (hopefully) change your build to use a "fake" compiler instead of the -one that would normally build your project. This fake compiler executes either -<tt>clang</tt> or <tt>gcc</tt> (depending on the platform) to compile your +one that would normally build your project. This fake compiler executes either +<tt>clang</tt> or <tt>gcc</tt> (depending on the platform) to compile your code and then executes the static analyzer to analyze your code.</p> <p>This "poor man's interposition" works amazingly well in many cases @@ -76,7 +76,7 @@ aforementioned hack fails to work.</p> <p>The <tt>scan-build</tt> command can be used to analyze an entire project by essentially interposing on a project's build process. This means that to run the analyzer using <tt>scan-build</tt>, you will use <tt>scan-build</tt> to analyze -the source files compiled by <tt>gcc</tt>/<tt>clang</tt> during a project build. +the source files compiled by <tt>gcc</tt>/<tt>clang</tt> during a project build. This means that any files that are not compiled will also not be analyzed.</p> <h3 id="scanbuild_basicusage">Basic Usage</h3> @@ -92,7 +92,7 @@ $ <span class="code_highlight">scan-build</span> xcodebuild <p>In the first case <tt>scan-build</tt> analyzes the code of a project built with <tt>make</tt> and in the second case <tt>scan-build</tt> analyzes a project built using <tt>xcodebuild</tt>.<p> - + <p>Here is the general format for invoking <tt>scan-build</tt>:</p> <pre class="code_example"> @@ -135,7 +135,7 @@ your PATH environment variable.</p> with MinGW/MSYS the following information may be helpful:</p> <ul> - <li> If getting unexpected <tt>"fatal error: no input files"</tt> while + <li> If getting unexpected <tt>"fatal error: no input files"</tt> while building with MSYS make from the Windows cmd, try one of these solutions:</li> <ul> <li> Use MinGW <tt>mingw32-make</tt> instead of MSYS <tt>make</tt> and @@ -148,7 +148,7 @@ with backslashed quotes may be heavily corrupted when passed for execution.</li> $ <span class="code_highlight">scan-build</span> <i>[scan-build options]</i> sh -c "make <i>[make options]</i>" </pre></li> </ul> - <li> If getting <tt>"Error : *** target pattern contains no `%'"</tt> while + <li> If getting <tt>"Error : *** target pattern contains no `%'"</tt> while using GNU Make 3.81, try to use another version of make.</li> </ul> @@ -189,9 +189,9 @@ reports against the analyzer.</td></tr> command completes.</td></tr> <tr><td><b>--use-analyzer Xcode</b><br><i>or</i><br> -<b>--use-analyzer [path to clang]</b></td><td><tt>scan-build</tt> uses the -'clang' executable relative to itself for static analysis. One can override this -behavior with this option by using the 'clang' packaged with Xcode (on OS X) or +<b>--use-analyzer [path to clang]</b></td><td><tt>scan-build</tt> uses the +'clang' executable relative to itself for static analysis. One can override this +behavior with this option by using the 'clang' packaged with Xcode (on OS X) or from the PATH.</p></td></tr> </table> <p>A complete list of options can be obtained by running <tt>scan-build</tt> @@ -263,7 +263,7 @@ regular compilation and <tt>clang</tt> to perform static analysis.</p> paths to the compiler, and by running <tt>configure</tt> through <tt>scan-build</tt> that path is set to <tt>ccc-analyzer</tt>.</p> -<!-- +<!-- <h2 id="Debugging">Debugging the Analyzer</h2> <p>This section provides information on debugging the analyzer, and troubleshooting @@ -354,12 +354,12 @@ $ scan-build xcodebuild -configuration Debug -sdk iphonesimulator3.0 <h3>Gotcha: using the right compiler</h3> <p>Recall that <b>scan-build</b> analyzes your project by using a compiler to -compile the project and <tt>clang</tt> to analyze your project. The script uses -simple heuristics to determine which compiler should be used (it defaults to +compile the project and <tt>clang</tt> to analyze your project. The script uses +simple heuristics to determine which compiler should be used (it defaults to <tt>clang</tt> on Darwin and <tt>gcc</tt> on other platforms). When analyzing iPhone projects, <b>scan-build</b> may pick the wrong compiler than the one -Xcode would use to build your project. For example, this could be because -multiple versions of a compiler may be installed on your system, especially if +Xcode would use to build your project. For example, this could be because +multiple versions of a compiler may be installed on your system, especially if you are developing for the iPhone.</p> <p>When compiling your application to run on the simulator, it is important that <b>scan-build</b> @@ -381,4 +381,3 @@ full path to the compiler that Xcode is using, and use that as an argument to </div> </body> </html> - diff --git a/clang/www/analyzer/xcode.html b/clang/www/analyzer/xcode.html index 8ccae81898d..d6e44bc4f0b 100644 --- a/clang/www/analyzer/xcode.html +++ b/clang/www/analyzer/xcode.html @@ -53,7 +53,7 @@ presents analysis results directly within Xcode's editor.</p> <p>Xcode is available as a free download from Apple on the <a href="https://itunes.apple.com/us/app/xcode/id497799835?mt=12">Mac -App Store</a>, with <a +App Store</a>, with <a href="https://developer.apple.com/library/ios/recipes/xcode_help-source_editor/chapters/Analyze.html#//apple_ref/doc/uid/TP40009975-CH4-SW1">instructions available</a> for using the analyzer.</p> @@ -141,4 +141,3 @@ $ sudo set-xcode-analyzer --use-xcode-clang </div> </body> </html> - |
