All geek questions in one place

Clang Static Analyzer does not find the most basic problems

I wanted to try the clang static analyzer. I am on Windows and am creating clang with Visual Studio. It seems to work, but at the same time it seems extremely useless.

I made an example file

example.c

int main(void) { int h = 0; return 1/h; }

Calling scan-build gcc -c example.c does not detect an error.

example.c

 int main(void) { int h; return 1/h; }

Calling scan-build gcc -c example.c does not detect an error.

example.c

 int main(void) { return 1/0; }

Calling scan-build gcc -c example.c does not detect an error.

If these very basic errors cannot be found (and they can be found by the clan itself), how can a static analyzer be used?

My gcc is MinGW, if that matters. I also tried replacing clang , but nothing happens.

Am I doing something wrong here?

+6
source share
2 answers

be sure to use build-scan -v (verbose) to see if clang checker really works. I followed this guide http://web.cs.ucla.edu/~tianyi.zhang/tutorial.html When I tried the C ++ example, it did not detect errors in the buggy code. -v showed me that the provided Makefile was broken - after I fixed that clang still did not detect the error, but g ++ shows the error.

Perhaps they turned this particular check. Clang static analyzer version 3.8 The tutorial uses version 3.2

+1
source

Maybe you are not doing anything right. For example, the third Visual Studio 2015 example even refused to compile with an error:

error C2124: division or mode by zero.

I don’t think Klang is able to detect something like this. However, this is not important.

I tried to check this code using PVS-Studio and found all three errors:

  • V609 Divide by zero. Denominator 'h' == 0. MFCApplication2 mainfrm.cpp 17
  • V614 The uninitialized variable 'h' is used. MFCApplication2 mainfrm.cpp 23
  • V609 Divide by zero. Denominator '0' == 0. MFCApplication2 mainfrm.cpp 28

Therefore, I recommend that you still experiment. At least the third case must be accurately found by the Clan. A practical recommendation is to use more powerful tools, such as PVS-Studio, for analysis. He, by the way, finds bugs in Clang and GCC.

0
source

Source: https://habr.com/ru/post/1015620/

More articles:


All Articles