1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2 "http://www.w3.org/TR/html4/strict.dtd">
5 <title>Clang Static Analyzer</title>
6 <link type="text/css" rel="stylesheet" href="menu.css" />
7 <link type="text/css" rel="stylesheet" href="content.css" />
11 <!--#include virtual="menu.html.incl"-->
15 <h1>Clang Static Analyzer</h1>
17 <p>The Clang Static Analyzer consists of both a source code analysis framework
18 and a standalone tool that finds bugs in C and Objective-C programs. The
19 standalone tool is invoked from the command-line, and is intended to run in
20 tandem with a build of a project or code base.</p>
22 <p>Both are 100% open source and are part of the <a
23 href="http://clang.llvm.org">Clang</a> project.</p>
25 <!-- Generated from: http://www.spiffycorners.com/index.php -->
27 <style type="text/css">
28 .spiffy{display:block}
40 border-left:1px solid #f6f8fc;
41 border-right:1px solid #f6f8fc;
48 border-left:1px solid #fdfdfe;
49 border-right:1px solid #fdfdfe;
54 border-left:1px solid #eef2fa;
55 border-right:1px solid #eef2fa;}
57 border-left:1px solid #f6f8fc;
58 border-right:1px solid #f6f8fc}
60 border-left:1px solid #f0f3fb;
61 border-right:1px solid #f0f3fb}
66 margin:0px; padding:10px;
70 <style type="text/css">
72 #left h2 { margin:1px; padding-top:0px; }
73 #right { float:left; margin-left:20px; margin-right:20px; padding:0px ;}
74 #right h2 { padding:0px; margin:0px; }
75 #wrappedcontent { padding:15px;}
78 <div style="padding:0px">
80 <b class="spiffy1"><b></b></b>
81 <b class="spiffy2"><b></b></b>
82 <b class="spiffy3"></b>
83 <b class="spiffy4"></b>
84 <b class="spiffy5"></b></b>
85 <div class="spiffyfg">
86 <div style="padding:15px">
87 <h2 style="padding:0px; margin:0px">Download</h2>
88 <h3 style="margin-top:5px">Mac OS X</h3>
90 <li>Latest build (Universal binary, 10.5+):
91 <!--#include virtual="latest_checker.html.incl"-->
93 <li><a href="/installation.html">Installation</a> and <a
94 href="/scan-build.html">usage</a></li>
96 <h3>Other Platforms</h3>
97 <p>For other platforms, please follow the instructions for <a
98 href="/installation#OtherPlatforms">building the analyzer</a> from
103 <b class="spiffy5"></b>
104 <b class="spiffy4"></b>
105 <b class="spiffy3"></b>
106 <b class="spiffy2"><b></b></b>
107 <b class="spiffy1"><b></b></b></b>
110 <h2 id="StaticAnalysis">What is Static Analysis?</h2>
112 <p>The term "static analysis" is conflated, but here we use it to mean
113 a collection of algorithms and techniques used to analyze source code in order
114 to automatically find bugs. The idea is similar in spirit to compiler warnings
115 (which can be useful for finding coding errors) but to take that idea a step
116 further and find bugs that are traditionally found using run-time debugging
117 techniques such as testing.</p>
119 <p>Static analysis bug-finding tools have evolved over the last several decades
120 from basic syntactic checkers to those that find deep bugs by reasoning about
121 the semantics of code. The goal of the Clang Static Analyzer is to provide a
122 industrial-quality static analysis framework for analyzing C and Objective-C
123 programs that is freely available, extensible, and has a high quality of
126 <h3 id="Clang">Part of Clang and LLVM</h3>
128 <p>As its name implies, the Clang Static Analyzer is built on top of <a
129 href="http://clang.llvm.org">Clang</a> and <a href="http://llvm.org">LLVM</a>.
130 Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of
131 reusable C++ libraries for building powerful source-level tools. The static
132 analysis engine used by the Clang Static Analyzer is a Clang library, and has
133 the capability to be reused in different contexts and by different clients.</p>
135 <h2>Important Points to Consider</h2>
137 <p>While we believe that the static analyzer is already very useful for finding
138 bugs, we ask you to bear in mind a few points when using it.</p>
140 <h3>Work-in-Progress</h3>
142 <p>The analyzer is a continuous work-in-progress.
143 There are many planned enhancements to improve both the precision and scope of
144 its analysis algorithms as well as the kinds bugs it will find. While there are
145 fundamental limitations to what static analysis can do, we have a long way to go
146 before hitting that wall.</p>
148 <h3>Slower than Compilation</h3>
150 <p>Operationally, using static analysis to
151 automatically find deep program bugs is about trading CPU time for the hardening
152 of code. Because of the deep analysis performed by state-of-the-art static
153 analysis tools, static analysis can be much slower than compilation.</p>
155 <p>While the Clang Static Analyzer is being designed to be as fast and
156 light-weight as possible, please do not expect it to be as fast as compiling a
157 program (even with optimizations enabled). Some of the algorithms needed to find
158 bugs require in the worst case exponential time.</p>
160 <p>The Clang Static Analyzer runs in a reasonable amount of time by both
161 bounding the amount of checking work it will do as well as using clever
162 algorithms to reduce the amount of work it must do to find bugs.</p></li>
164 <h3>False Positives</h3>
166 <p>Static analysis is not perfect. It can falsely flag bugs in a program where
167 the code behaves correctly. Because some code checks require more analysis
168 precision than others, the frequency of false positives can vary widely between
169 different checks. Our long-term goal is to have the analyzer have a low false
170 positive rate for most code on all checks.</p>
172 <p>Please help us in this endeavor by <a href="filing_bugs.html">reporting false
173 positives</a>. False positives cannot be addressed unless we know about
178 <p>Static analysis is not magic; a static analyzer can only find bugs that it
179 has been specifically engineered to find. If there are specific kinds of bugs
180 you would like the Clang Static Analyzer to find, please feel free to
181 file <a href="filing_bugs.html">feature requests</a> or contribute your own