Download Summary

The Clang Static Analyzer
More resources
You may check the following resources for more projects and other information:
• http://clang-analyzer.llvm.org: The Clang Static Analyzer project page.
• http://clang-analyzer.llvm.org/checker_dev_manual.html: A useful
manual with more information for those who want to develop new checkers.
• http://lcs.ios.ac.cn/~xzx/memmodel.pdf: The paper A Memory Model
for Static Analysis of C by Zhongxing Xu, Ted Kremenek, and Jian Zhang.
It details theoretical aspects of the memory model that was implemented
in the analyzer core.
• http://clang.llvm.org/doxygen/annotated.html: The Clang doxygen
documentation.
• http://llvm.org/devmtg/2012-11/videos/Zaks-Rose-Checker24Hours.
mp4: A talk explaining how to quickly build a checker, given by Anna Zaks
and Jordan Rose, static analyzer developers, at the 2012 LLVM Developers'
meeting.
Summary
In this chapter, we explored how the Clang Static Analyzer differs from simple
bug detection tools that run on the compiler frontend. We provided examples
where the static analyzer is more accurate and explained that there is trade-off
between accuracy and computing time, and that the exponential-time static analyzer
algorithm is unfeasible to be integrated into the regular compiler pipeline because
of the time it needs to complete its analyses. We also presented how to use the
command-line interface to run the static analyzer on simple projects and a helper tool
called scan-build to analyze large projects. We finished this chapter by presenting
how to extend the static analyzer with your own path-sensitive bug checker.
In the next chapter, we will present Clang tools that are built on top of the LibTooling
infrastructure, which eases the process of building code-refactoring utilities.
[ 248 ]