The previous behavior was to deduplicate reports based on md5 of the
html file. This algorithm might have worked originally but right now
HTML reports contain information rich enough to make them virtually
always distinct which breaks deduplication entirely.
The new strategy is to (finally) take advantage of IssueHash - the
stable report identifier provided by clang that is the same if and only if
the reports are duplicates of each other.
Additionally, scan-build no longer performs deduplication on its own.
Instead, the report file name is now based on the issue hash,
and clang instances will silently refuse to produce a new html file
when a duplicate already exists. This eliminates the problem entirely.
The '-analyzer-config stable-report-filename' option is deprecated
because report filenames are no longer unstable. A new option is
introduced, '-analyzer-config verbose-report-filename', to produce
verbose file names that look similar to the old "stable" file names.
The old option acts as an alias to the new option.
Differential Revision: https://reviews.llvm.org/D105167
Allow users to use a non-system version of perl, python and awk, which is useful
in certain package managers.
Reviewed By: JDevlieghere, MaskRay
Differential Revision: https://reviews.llvm.org/D95119
e00629f777 "[scan-build] Fix clang++ pathname" had
removed the -MAJOR.MINOR suffix, but since presumably LLVM 7 the suffix is only
-MAJOR, so ClangCXX (i.e., the CLANG_CXX environment variable passed to
clang/tools/scan-build/libexec/ccc-analyzer) now contained a non-existing
/path/to/clang-12++ (which apparently went largely unnoticed as
clang/tools/scan-build/libexec/ccc-analyzer falls back to just 'clang++' if the
executable denoted by CLANG_CXX does not exist).
For the new clang/test/Analysis/scan-build/cxx-name.test to be effective,
%scan-build must now take care to pass the clang executable's resolved pathname
(i.e., ending in .../clang-MAJOR rather than just .../clang) to --use-analyzer.
Differential Revision: https://reviews.llvm.org/D89481
Fixes "Use of uninitialized value $ScanView in exec" error on systems
with scan-view executable not located in the expected place.
Patch by Oliver Tušla!
Differential Revision: https://reviews.llvm.org/D77880
This reverts commit 21efb06f0a.
Changes since last attempt to land this patch:
- Sort files before deduplicating. This hopefully avoids some buildbot failures.
- Fix use of uninitialized variable when running without --use-analyzer.
- Remove the "REQUIRES: windows" item.
This is useful for performing custom build system integration that works by appending '--analyze --analyzer-output html' to all clang build commands.
For such users there is now still a way to have the fancy index.html file
in the output.
Differential Revision: https://reviews.llvm.org/D74467
Add install targets as necessary to install bash-autocomplete,
scan-build and scan-view via LLVM_DISTRIBUTION_TARGETS.
Differential Revision: https://reviews.llvm.org/D68413
llvm-svn: 373695
Current code assumes flags in CompilerLinkerOptionMap don't use =,
which isn't always true.
Patch by Chris Laplante!
Differential Revision: https://reviews.llvm.org/D66569
llvm-svn: 371002
Summary:
This patch introduces a new `analyzer-config` configuration:
`-analyzer-config silence-checkers`
which could be used to silence the given checkers.
It accepts a semicolon separated list, packed into quotation marks, e.g:
`-analyzer-config silence-checkers="core.DivideZero;core.NullDereference"`
It could be used to "disable" core checkers, so they model the analysis as
before, just if some of them are too noisy it prevents to emit reports.
This patch also adds support for that new option to the scan-build.
Passing the option `-disable-checker core.DivideZero` to the scan-build
will be transferred to `-analyzer-config silence-checkers=core.DivideZero`.
Reviewed By: NoQ, Szelethus
Differential Revision: https://reviews.llvm.org/D66042
llvm-svn: 369078
In Perl, -z is defined as checking if a "file has zero size" and makes no mention what it does when given a directory. It looks like the behavior differs across platforms, which is why on Windows the SARIF file was always being deleted.
Patch by Joe Ranieri.
llvm-svn: 366941
Change scan-build to support the scenario where scan-build is installed in
$TOOLCHAIN/usr/local/bin/ but clang itself is installed in $TOOLCHAIN/usr/bin/.
This is restricted to when 'xcrun' is present; that is, on the Mac.
rdar://problem/48914634
Differential Revision: https://reviews.llvm.org/D59406
llvm-svn: 356308
The python documentation says "it’s highly recommended that you use raw strings for all but the simplest expressions." (https://docs.python.org/3/library/re.html)
So do that with the attached patch generated by
sed -i -e "s/re.search('/re.search(r'/g" $(git grep -l 're.search(')
The warning can be seen in e.g. python3.7:
$ python3.7 -Wd
>>> import re; re.search('\s', '')
<stdin>:1: DeprecationWarning: invalid escape sequence \s
Commited on behalf of Marco Falke.
Differential Revision: https://reviews.llvm.org/D57528
llvm-svn: 353707
to reflect the new license.
We understand that people may be surprised that we're moving the header
entirely to discuss the new license. We checked this carefully with the
Foundation's lawyer and we believe this is the correct approach.
Essentially, all code in the project is now made available by the LLVM
project under our new license, so you will see that the license headers
include that license only. Some of our contributors have contributed
code under our old license, and accordingly, we have retained a copy of
our old license notice in the top-level files in each project and
repository.
llvm-svn: 351636
This updates the scan-build perl script to allow outputting to sarif in a more natural fashion by specifying -sarif as a command line argument, similar to how -plist is already supported.
llvm-svn: 349082
Summary:
This has been bothering me for a while, but only now i have actually looked into this.
I'm using one CI job for static analysis - clang static analyzers as compilers + clang-tidy via cmake.
And i'd like for the build to fail if at least one of those finds issues.
If clang-tidy finds issues, it will fail the build since the warnings-as-errors is set.
If static analyzer finds anything, since --status-bugs is set, it will fail the build.
But if clang-tidy find anything, but static analyzer does not, the build succeeds :/
Reviewers: sylvestre.ledru, alexfh, jroelofs, ygribov, george.karpenkov, krememek
Reviewed By: jroelofs
Subscribers: xazax.hun, szepet, a.sidorin, mikhail.ramalho, Szelethus, cfe-commits
Differential Revision: https://reviews.llvm.org/D52530
llvm-svn: 343105
Summary:
To exclude thirdparty code.
To test:
With /tmp/foo.c
```
void test() {
int x;
x = 1; // warn
}
```
```
$ scan-build --exclude non-existing/ --exclude /tmp/ -v gcc -c foo.c
scan-build: Using '/usr/lib/llvm-7/bin/clang' for static analysis
scan-build: Emitting reports for this run to '/tmp/scan-build-2018-09-16-214531-8410-1'.
foo.c:3:3: warning: Value stored to 'x' is never read
x = 1; // warn
^ ~
1 warning generated.
scan-build: File '/tmp/foo.c' deleted: part of an ignored directory.
scan-build: 0 bugs found.
```
Reviewers: jroelofs
Reviewed By: jroelofs
Subscribers: whisperity, cfe-commits
Differential Revision: https://reviews.llvm.org/D52153
llvm-svn: 342359
Ubigraph project has been dead since about 2008, and to the best of my
knowledge, no one was using it.
Previously, I wasn't able to launch the existing binary at all.
Differential Revision: https://reviews.llvm.org/D51655
llvm-svn: 341601
Found via codespell -q 3 -I ../clang-whitelist.txt
Where whitelist consists of:
archtype
cas
classs
checkk
compres
definit
frome
iff
inteval
ith
lod
methode
nd
optin
ot
pres
statics
te
thru
Patch by luzpaz! (This is a subset of D44188 that applies cleanly with a few
files that have dubious fixes reverted.)
Differential revision: https://reviews.llvm.org/D44188
llvm-svn: 329399
Autoconf and some other systems tend to add essential compilation
options to CC (e.g. -std=gnu99). When running such an auto-generated
makefile, scan-build does not need to change CC and CXX as they are
already set to use ccc-analyzer by a configure script.
Implement a new option --keep-cc as was proposed in this discussion:
http://lists.llvm.org/pipermail/cfe-dev/2013-September/031832.html
Patch by Paul Fertser!
llvm-svn: 323665
clang's -x option doesn't accept c-cpp-output as a language (even though
463eb6ab was merged, the driver still doesn't handle that).
This bug prevents testing C language projects when ccache is used.
Fixes#25851.
Investigation and patch by Dave Rigby.
llvm-svn: 323664
The scan-build script provided by clang can be used to detect defects in
code in the compile time. However, we discovered that the
"--target=<value>" flag in clang is not properly handled by this script,
which results in failures when analyzing projects that have used this
flag in their makefile.
This single line of change allows scan-build script to properly handle
the "--target=<value>" flag.
Patch by Haowei Wu
Differential Revision: https://reviews.llvm.org/D33263
llvm-svn: 304025
Summary:
This patch adds an option //--show-description// to add the defect description to the list of defect. This helps to get a better understanding of the defect without opening the page.
For example, this is used for Firefox:
https://people.mozilla.org/~sledru/reports/fx-scan-build/
Reviewers: rizsotto.mailinglist, zaks.anna
Subscribers: cfe-commits
Differential Revision: https://reviews.llvm.org/D22810
llvm-svn: 277328
to force debug build and hopefully enable more precise warnings.
Static Analyzer is much more efficient when built in debug mode
(-UNDEBUG) so we advice users to enable it manually. This may be
inconvenient in case of large complex projects (think about Linux
distros e.g. Android or Tizen). This patch adds a flag to scan-build
which inserts -UNDEBUG automatically.
Differential Revision: http://reviews.llvm.org/D16200
llvm-svn: 261204
Summary:
This patch is provided in preparation for removing autoconf on 1/26. The proposal to remove autoconf on 1/26 was discussed on the llvm-dev thread here: http://lists.llvm.org/pipermail/llvm-dev/2016-January/093875.html
"This is the way [autoconf] ends
Not with a bang but a whimper."
-T.S. Eliot
Reviewers: chandlerc, grosbach, bob.wilson, echristo
Subscribers: klimek, cfe-commits
Differential Revision: http://reviews.llvm.org/D16472
llvm-svn: 258862
Cwd::abs_path has a somewhat tricky semantics: if it's operand directory does not exist,
it'll return undefined (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=257568).
This may cause scan-build to silently ignore output directory (specified with -o) and
use /tmp instead of trying to create directory. This tiny patch fixes the problem.
A patch by Yury Gribov!
Differential Revision: http://reviews.llvm.org/D14535
llvm-svn: 252797
Frederic Cambus