介绍

静态分析是用于分析源代码以自动发现错误。这个想法在精神上类似于编译器警告（可以用于找到编码错误），但更进一步，可以发现传统上使用运行时调试技术（例如测试）发现的错误。
它可以用来检查代码规范性、发现代码中的错误，比如:

• Out of bounds errors
• Memory leaks
• Usage of uninitialized variables
• Use of unsafe functions

这里我们将分别介绍:

• clang-analyzer
• clang-format
• cppcheck-compile-commands
• cppcheck

clang-analyzer

介绍

这个例子展示了如何使用 Clang 静态分析工具 (opens new window)进行静态分析。

本例的目录🌲:

├── CMakeLists.txt      # Top level CMakeLists.txt
├── subproject1
│   ├── CMakeLists.txt  # CMake commands for subproject 1
│   └── main1.cpp       # source for a subproject with no errors
└── subproject2
    ├── CMakeLists.txt  # CMake commands for subproject 2
    └── main2.cpp       # source for a subproject that includes errors

安装静态分析器 scan-build

在 ubuntu 20.04 上的安装方法为:

sudo apt-get install clang-tools

概念解释

scan-build

使用 scan-build 来运行 clang 静态分析器，在运行编译器时同时运行分析器。

在使用 cmake 和 make 进行构建时的使用方法:

$ scan-build cmake ..
$ scan-build make

当然也可以用 scan-build 来分析单个文件:

$ scan-build gcc -c t1.c t2.c

scan-build 的输出

scan-build 只会在编译时输出警告信息，并且还会生成一份包含错误详细分析的 HTML 文件列表。

默认的报告会倍放到 /tmp/scan-build-xxxxxxx 目录下。
目录🌲为:

├── index.html
├── report-70fc08.html
├── scanview.css
└── sorttable.js

可以使用命令 scan-view /tmp/scan-build-xxxxxxxx 查看 bug 报告。

构建本例

$ mkdir build
$ cd build

$ scan-build cmake ..
scan-build: Using '/usr/lib/llvm-10/bin/clang' for static analysis
-- The C compiler identification is GNU 9.4.0
-- The CXX compiler identification is GNU 9.4.0
-- Check for working C compiler: /usr/share/clang/scan-build-10/libexec/ccc-analyzer
-- Check for working C compiler: /usr/share/clang/scan-build-10/libexec/ccc-analyzer -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Detecting C compile features
-- Detecting C compile features - done
-- Check for working CXX compiler: /usr/share/clang/scan-build-10/libexec/c++-analyzer
-- Check for working CXX compiler: /usr/share/clang/scan-build-10/libexec/c++-analyzer -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Configuring done
-- Generating done
-- Build files have been written to: /home/tartarus/workspace/cmake/cmake-examples/04-static-analysis/clang-analyzer/build
scan-build: Removing directory '/tmp/scan-build-2023-04-24-033546-311641-1' because it contains no reports.
scan-build: No bugs found.

$ scan-build make
scan-build: Using '/usr/lib/llvm-10/bin/clang' for static analysis
Scanning dependencies of target subproject1
[ 25%] Building CXX object subproject1/CMakeFiles/subproject1.dir/main1.cpp.o
[ 50%] Linking CXX executable subproject1
[ 50%] Built target subproject1
Scanning dependencies of target subproject2
[ 75%] Building CXX object subproject2/CMakeFiles/subproject2.dir/main2.cpp.o
/home/tartarus/workspace/cmake/cmake-examples/04-static-analysis/clang-analyzer/subproject2/main2.cpp:7:17: warning: Dereference of null pointer (loaded from variable 'x')
   std::cout << *x << std::endl;
                ^~
1 warning generated.
[100%] Linking CXX executable subproject2
[100%] Built target subproject2
scan-build: 1 bug found.
scan-build: Run 'scan-view /tmp/scan-build-2023-04-24-033601-311812-1' to examine bug reports.

clang-format

介绍

概念解释

构建本例

cppcheck-compile-commands

介绍

概念解释

构建本例

cppcheck

介绍

概念解释

构建本例