index.html source code [clang_source_code/www/analyzer/index.html]

1	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2	"http://www.w3.org/TR/html4/strict.dtd">
3	<html>
4	<head>
5	<title>Clang Static Analyzer</title>
6	<link type="text/css" rel="stylesheet" href="content.css">
7	<link type="text/css" rel="stylesheet" href="menu.css">
8	<script type="text/javascript" src="scripts/menu.js"></script>
9	<!-- Generated from: http://www.spiffycorners.com/index.php -->
10
11	<style type="text/css">
12	.spiffy{display:block}
13	.spiffy *{
14	display:block;
15	height:1px;
16	overflow:hidden;
17	font-size:.01em;
18	background:#EBF0FA}
19	.spiffy1{
20	margin-left:3px;
21	margin-right:3px;
22	padding-left:1px;
23	padding-right:1px;
24	border-left:1px solid #f6f8fc;
25	border-right:1px solid #f6f8fc;
26	background:#f0f3fb}
27	.spiffy2{
28	margin-left:1px;
29	margin-right:1px;
30	padding-right:1px;
31	padding-left:1px;
32	border-left:1px solid #fdfdfe;
33	border-right:1px solid #fdfdfe;
34	background:#eef2fa}
35	.spiffy3{
36	margin-left:1px;
37	margin-right:1px;
38	border-left:1px solid #eef2fa;
39	border-right:1px solid #eef2fa;}
40	.spiffy4{
41	border-left:1px solid #f6f8fc;
42	border-right:1px solid #f6f8fc}
43	.spiffy5{
44	border-left:1px solid #f0f3fb;
45	border-right:1px solid #f0f3fb}
46	.spiffyfg{
47	background:#EBF0FA}
48
49	.spiffyfg h2 {
50	margin:0px; padding:10px;
51	}
52
53	#left { float:left; }
54	#left h2 { margin:1px; padding-top:0px; }
55	#right { float:left; margin-left:20px; margin-right:20px; padding:0px ;}
56	#right h2 { padding:0px; margin:0px; }
57	#wrappedcontent { padding:15px;}
58	</style>
59	</head>
60	<body>
61
62	<div id="page">
63	<!--#include virtual="menu.html.incl"-->
64	<div id="content">
65
66
67	<table style="margin-top:0px" width="100%" border="0" cellpadding="0px" cellspacing="0">
68	<tr><td>
69
70	<h1>Clang Static Analyzer</h1>
71
72	<p>The Clang Static Analyzer is a source code analysis tool that finds bugs in
73	C, C++, and Objective-C programs.</p>
74
75	<p>Currently it can be run either as a <a href="scan-build.html">standalone
76	tool</a> or <a href="xcode.html">within Xcode</a>. The standalone tool is
77	invoked from the command line, and is intended to be run in tandem with a build
78	of a codebase.</p>
79
80	<p>The analyzer is 100% open source and is part of the <a
81	href="http://clang.llvm.org">Clang</a> project. Like the rest of Clang, the
82	analyzer is implemented as a C++ library that can be used by other tools and
83	applications.</p>
84
85	<h2>Download</h2>
86
87	<div style="padding:0px; font-size: 90%">
88	<b class="spiffy">
89	<b class="spiffy1"><b></b></b>
90	<b class="spiffy2"><b></b></b>
91	<b class="spiffy3"></b>
92	<b class="spiffy4"></b>
93	<b class="spiffy5"></b></b>
94	<div class="spiffyfg">
95	<div style="padding:15px">
96	<h3 style="margin:0px;padding:0px">Mac OS X</h3>
97	<ul>
98	<li>Latest build (10.8+):<br>
99	<!--#include virtual="latest_checker.html.incl"-->
100	</li>
101	<li><a href="/release_notes.html">Release notes</a></li>
102	<li>This build can be used both from the command line and from within Xcode</li>
103	<li><a href="/installation.html">Installation</a> and <a href="/scan-build.html">usage</a></li>
104	</ul>
105	</div>
106	</div>
107	<b class="spiffy">
108	<b class="spiffy5"></b>
109	<b class="spiffy4"></b>
110	<b class="spiffy3"></b>
111	<b class="spiffy2"><b></b></b>
112	<b class="spiffy1"><b></b></b></b>
113	</div>
114
115	<div style="padding:0; margin-top:10px; font-size: 90%">
116	<b class="spiffy">
117	<b class="spiffy1"><b></b></b>
118	<b class="spiffy2"><b></b></b>
119	<b class="spiffy3"></b>
120	<b class="spiffy4"></b>
121	<b class="spiffy5"></b></b>
122	<div class="spiffyfg">
123	<div style="padding:15px">
124	<h3 style="margin:0px;padding:0px">Other Platforms</h3>
125	<p>For other platforms, please follow the instructions for <a
126	href="/installation#OtherPlatforms">building the analyzer</a> from
127	source code.<p>
128	</div>
129	</div>
130	<b class="spiffy">
131	<b class="spiffy5"></b>
132	<b class="spiffy4"></b>
133	<b class="spiffy3"></b>
134	<b class="spiffy2"><b></b></b>
135	<b class="spiffy1"><b></b></b></b>
136	</div>
137
138
139	</td><td style="padding-left:10px">
140	<a href="images/analyzer_xcode.png"><img src="images/analyzer_xcode.png" width="450" alt="analyzer in xcode"></a>
141	<div style="text-align:center"><b>Viewing static analyzer results in Xcode</b></div>
142	<a href="images/analyzer_html.png"><img src="images/analyzer_html.png" width="450" alt="analyzer in browser"></a>
143	<div style="text-align:center"><b>Viewing static analyzer results in a web browser</b></div>
144	</td></tr></table>
145
146	<h2 id="StaticAnalysis">What is Static Analysis?</h2>
147
148	<p>The term "static analysis" is conflated, but here we use it to mean
149	a collection of algorithms and techniques used to analyze source code in order
150	to automatically find bugs. The idea is similar in spirit to compiler warnings
151	(which can be useful for finding coding errors) but to take that idea a step
152	further and find bugs that are traditionally found using run-time debugging
153	techniques such as testing.</p>
154
155	<p>Static analysis bug-finding tools have evolved over the last several decades
156	from basic syntactic checkers to those that find deep bugs by reasoning about
157	the semantics of code. The goal of the Clang Static Analyzer is to provide a
158	industrial-quality static analysis framework for analyzing C, C++, and
159	Objective-C programs that is freely available, extensible, and has a high quality of implementation.</p>
160
161	<h3 id="Clang">Part of Clang and LLVM</h3>
162
163	<p>As its name implies, the Clang Static Analyzer is built on top of <a
164	href="http://clang.llvm.org">Clang</a> and <a href="http://llvm.org">LLVM</a>.
165	Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of
166	reusable C++ libraries for building powerful source-level tools. The static
167	analysis engine used by the Clang Static Analyzer is a Clang library, and has
168	the capability to be reused in different contexts and by different clients.</p>
169
170	<h2>Important Points to Consider</h2>
171
172	<p>While we believe that the static analyzer is already very useful for finding
173	bugs, we ask you to bear in mind a few points when using it.</p>
174
175	<h3>Work-in-Progress</h3>
176
177	<p>The analyzer is a continuous work-in-progress. There are many planned
178	enhancements to improve both the precision and scope of its analysis algorithms
179	as well as the kinds of bugs it will find. While there are fundamental
180	limitations to what static analysis can do, we have a long way to go before
181	hitting that wall.</p>
182
183	<h3>Slower than Compilation</h3>
184
185	<p>Operationally, using static analysis to
186	automatically find deep program bugs is about trading CPU time for the hardening
187	of code. Because of the deep analysis performed by state-of-the-art static
188	analysis tools, static analysis can be much slower than compilation.</p>
189
190	<p>While the Clang Static Analyzer is being designed to be as fast and
191	light-weight as possible, please do not expect it to be as fast as compiling a
192	program (even with optimizations enabled). Some of the algorithms needed to find
193	bugs require in the worst case exponential time.</p>
194
195	<p>The Clang Static Analyzer runs in a reasonable amount of time by both
196	bounding the amount of checking work it will do as well as using clever
197	algorithms to reduce the amount of work it must do to find bugs.</p>
198
199	<h3>False Positives</h3>
200
201	<p>Static analysis is not perfect. It can falsely flag bugs in a program where
202	the code behaves correctly. Because some code checks require more analysis
203	precision than others, the frequency of false positives can vary widely between
204	different checks. Our long-term goal is to have the analyzer have a low false
205	positive rate for most code on all checks.</p>
206
207	<p>Please help us in this endeavor by <a href="filing_bugs.html">reporting false
208	positives</a>. False positives cannot be addressed unless we know about
209	them.</p>
210
211	<h3>More Checks</h3>
212
213	<p>Static analysis is not magic; a static analyzer can only find bugs that it
214	has been specifically engineered to find. If there are specific kinds of bugs
215	you would like the Clang Static Analyzer to find, please feel free to
216	file <a href="filing_bugs.html">feature requests</a> or contribute your own
217	patches.</p>
218
219	</div>
220	</div>
221	</body>
222	</html>
223
224

Clang Project