Remove dependency on scan-build wrapper script for Clang analysis builds.

build/toolchain/clang_static_analyzer_wrapper.py

Index: build/toolchain/clang_static_analyzer_wrapper.py
diff --git a/build/toolchain/clang_static_analyzer_wrapper.py b/build/toolchain/clang_static_analyzer_wrapper.py
index cc13888f3c28ccda32266a3f7ca9e5996602cd5e..0a6f7a66c8370563d1f74e3d662780a6ecaeeb6c 100755
--- a/build/toolchain/clang_static_analyzer_wrapper.py
+++ b/build/toolchain/clang_static_analyzer_wrapper.py
@@ -1,61 +1,77 @@
 #!/usr/bin/env python
-# Copyright 2016 The Chromium Authors. All rights reserved.
+# Copyright 2017 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-"""Invokes the Clang static analysis command using arguments provided on the
-command line.
+"""Adds a analysis build step to invocations of the Clang C/C++ compiler.

[Wez, 2017/02/03 08:05:00]

nit: "an"

[Kevin M, 2017/02/03 18:46:29]

Done.

+
+Usage: clang_static_analyzer_wrapper.py <compiler> [args...]
 """
 
 import argparse
 import fnmatch
+import itertools
 import os
-import shutil
 import sys
-import tempfile
-
 import wrapper_utils
 
+# Flags used to enable analysis for Clang invocations.
+analyzer_enable_flags = [
+    "--analyze",

[Wez, 2017/02/03 08:05:00]

nit: Not a biggie, but the other .py files in this directory use ' rather than "

+    "-fdiagnostics-show-option"
+]
+
+# Clang flags specifying which checkers should be run.
+# The full list of checkers can be found at
+# https://clang-analyzer.llvm.org/available_checks.html.
+analyzer_option_flags = [
+      "-analyzer-output=text",
+      "-analyzer-opt-analyze-nested-blocks",
+      "-analyzer-eagerly-assume",
+      "-analyzer-checker=core",
+      "-analyzer-checker=unix",
+      "-analyzer-checker=deadcode",
+      "-analyzer-checker=cplusplus",
+      "-analyzer-checker=security.insecureAPI.UncheckedReturn",
+      "-analyzer-checker=security.insecureAPI.getpw",
+      "-analyzer-checker=security.insecureAPI.gets",
+      "-analyzer-checker=security.insecureAPI.mktemp",
+      "-analyzer-checker=security.insecureAPI.mkstemp",
+      "-analyzer-checker=security.insecureAPI.vfork"]
+
 
 def main():
-  parser = argparse.ArgumentParser(description=__doc__)
-  parser.add_argument('--clang-cc-path',
-                      help='Path to the clang compiler.',
-                      metavar='PATH')
-  parser.add_argument('--clang-cxx-path',
-                      help='Path to the clang++ compiler',
-                      metavar='PATH')
-  parser.add_argument('--analyzer',
-                      help='Path to the language-specific Clang analysis tool.',
-                      required=True,
-                      metavar='PATH')
-  args, compile_args = parser.parse_known_args()
-
-  # Check that only one of --clang-cc-path or --clang-cxx-path are set.
-  assert ((args.clang_cc_path != None) != (args.clang_cxx_path != None))
-
-  is_cxx = args.clang_cxx_path != None
-  env = os.environ
-  env['CCC_ANALYZER_FORCE_ANALYZE_DEBUG_CODE'] = '0'
-  env['CCC_ANALYZER_OUTPUT_FORMAT'] = 'text'
-  clang_path = args.clang_cxx_path or args.clang_cc_path
-  if is_cxx:
-    env['CCC_CXX'] = clang_path
-    env['CLANG_CXX'] = clang_path
-  else:
-    env['CCC_CC'] = clang_path
-    env['CLANG'] = clang_path
-
-  # TODO(kmarshall): Place the summarized output in a useful directory.
-  temp_dir = tempfile.mkdtemp()
-  try:
-    env['CCC_ANALYZER_HTML'] = temp_dir
-    returncode, stderr = wrapper_utils.CaptureCommandStderr(
-        wrapper_utils.CommandToRun([args.analyzer] + compile_args), env)
-    sys.stderr.write(stderr)
-    return returncode
-  finally:
-    shutil.rmtree(temp_dir)
+  args = sys.argv[1:]
+  assert len(args) > 0

[Wez, 2017/02/03 08:05:00]

nit: Just |assert args| here?

[Kevin M, 2017/02/03 18:46:29]

Done.

+
+  # Interleave 'analyzer_option_flags' flags w/"-Xanalyzer" so that Clang
+  # passes them to the analysis tool.
+  # e.g. ["-analyzer-foo", "-analyzer-bar"] => ["-Xanalyzer", "-analyzer-foo",
+  #                                             "-Xanalyzer", "-analyzer-bar"]
+  interleaved_analyzer_flags = \
+      list(itertools.chain(*zip(["-Xanalyzer"] * len(analyzer_option_flags),

[Wez, 2017/02/03 08:05:00]

Can we line-wrap after "list(" to avoid the need for \ line continuation?

[Kevin M, 2017/02/03 18:46:29]

Done.

+                                                     analyzer_option_flags)))

[Wez, 2017/02/03 08:05:00]

I think you can write this more simply, e.g:

reduce(lambda x, y: x + ["-Xanalyzer", y], analyzer_option_flags, [])

or

list(itertools.chain(zip(itertools.repeat("-Xanalyzer"),
analyzer_options_flags)))

[Kevin M, 2017/02/03 18:46:29]

Done.

+
+  returncode, stderr = wrapper_utils.CaptureCommandStderr(
+      wrapper_utils.CommandToRun(args + analyzer_enable_flags +
+                                 interleaved_analyzer_flags))

[Wez, 2017/02/03 08:05:00]

What happens to any stdout output here?

[Kevin M, 2017/02/03 18:46:29]

Goes right to stdout. The stderr capturing feature comes in handy in the
followup CL in which I filter the analysis output.

[Wez, 2017/02/03 19:27:54]

Acknowledged.

+
+  # Post-process the analysis output and remove any errors for excluded files.

[Wez, 2017/02/03 08:05:00]

This should be a TODO?

[Kevin M, 2017/02/03 18:46:29]

Done.

+  sys.stderr.write(stderr)
+
+  if returncode != 0:
+    # The analyzer is a little buggy and can crash midway through an AST parse
+    # on otherwise buildable code.
+    # If it fails, we should recover gracefully and continue with the build.
+    sys.stderr.write(
+        "WARNING: Clang analyzer exited with return code %d.\n" % (returncode))
+
+  # Build the object file.
+  returncode, stderr = wrapper_utils.CaptureCommandStderr(
+    wrapper_utils.CommandToRun(args))
+
+  sys.stderr.write(stderr)
+  return returncode
 
 if __name__ == "__main__":
   sys.exit(main())