Index: docs/clang_static_analyzer.md |
diff --git a/docs/clang_static_analyzer.md b/docs/clang_static_analyzer.md |
new file mode 100644 |
index 0000000000000000000000000000000000000000..84179f87dedeedd115368bcf2eb2cec249f9fe6e |
--- /dev/null |
+++ b/docs/clang_static_analyzer.md |
@@ -0,0 +1,56 @@ |
+See the [official clang static analyzer page](http://clang-analyzer.llvm.org/) for background. |
+ |
+We don't run this regularly (because the analyzer's [support for C++ isn't great yet](http://clang-analyzer.llvm.org/dev_cxx.html)), so everything on this page is likely broken. The last time I checked, the analyzer reported mostly uninteresting things. This assumes you're [building chromium with clang](Clang.md). |
+ |
+You need an llvm checkout to get `scan-build` and `scan-view`; the easiest way to get that is to run |
+``` |
+tools/clang/scripts/update.sh --force-local-build --without-android |
+``` |
+ |
+## With make |
+ |
+To build base, if you use the make build: |
+ |
+``` |
+builddir_name=out_analyze \ |
+PATH=$PWD/third_party/llvm-build/Release+Asserts/bin:$PATH \ |
+third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
+ --keep-going --use-cc clang --use-c++ clang++ \ |
+ make -j8 base |
+``` |
+ |
+(`builddir_name` is set to force a clobber build.) |
+ |
+Once that's done, run `third_party/llvm/tools/clang/tools/scan-view/scan-view` to see the results; pass in the pass that `scan-build` outputs. |
+ |
+## With ninja |
+ |
+scan-build does its stuff by mucking with $CC/$CXX, which ninja ignores. gyp does look at $CC/$CXX however, so you need to first run gyp\_chromium under scan-build: |
+``` |
+time GYP_GENERATORS=ninja \ |
+GYP_DEFINES='component=shared_library clang_use_chrome_plugins=0 mac_strip_release=0 dcheck_always_on=1' \ |
+third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
+ --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \ |
+ build/gyp_chromium -Goutput_dir=out_analyze |
+``` |
+You then need to run the build under scan-build too, to get a HTML report: |
+``` |
+time third_party/llvm/tools/clang/tools/scan-build/scan-build \ |
+ --use-analyzer $PWD/third_party/llvm-build/Release+Asserts/bin/clang \ |
+ ninja -C out_analyze/Release/ base |
+``` |
+Then run `scan-view` as described above. |
+ |
+## Known False Positives |
+ |
+ * http://llvm.org/bugs/show_bug.cgi?id=11425 |
+ |
+## Stuff found by the static analyzer |
+ |
+ * http://code.google.com/p/skia/issues/detail?id=399 |
+ * http://code.google.com/p/skia/issues/detail?id=400 |
+ * http://codereview.chromium.org/8308008/ |
+ * http://codereview.chromium.org/8313008/ |
+ * http://codereview.chromium.org/8308009/ |
+ * http://codereview.chromium.org/10031018/ |
+ * https://codereview.chromium.org/12390058/ |