scan-build is a command line utility that enables a user to run the static analyzer over their codebase as part of performing a regular build (from the command line).
Patterns to include in reports.
Note: The input patterns are not applied when running scan-build since scan-build performs a regular build to analyze and the files excluded by the patterns may be required for the build. Therefore, the files excluded by the patterns are always processed and you may even see logs related to the excluded files in the job console. However, Inspecode eventually ignores any issues detected on the excluded files when generating job reports.
Patterns to exclude from reports.
Note: Just like
input:, the ignore patterns are not applied when running scan-build.
Amount of CPU. The default machine has
0.75 CPU with
2880 MiB RAM.
Below is the list of options that are supported:
OPTIONS: -analyze-headers Also analyze functions in #included files. By default, such functions are skipped unless they are called by functions within the main source file. --force-analyze-debug-code Tells analyzer to enable assertions in code even if they were disabled during compilation to enable more precise results. -k --keep-going Add a "keep on going" option to the specified build command. This option currently supports make and xcodebuild. This is a convenience option; one can specify this behavior directly using build options. --keep-cc Do not override CC and CXX make variables. Useful when running make in autoconf-based (and similar) projects where configure can add extra flags to those variables. --exclude <path> Do not run static analyzer against files found in this directory (You can specify this option multiple times). Could be useful when project contains 3rd party libraries. --use-cc [compiler path] --use-cc=[compiler path] scan-build analyzes a project by interposing a "fake compiler", which executes a real compiler for compilation and the static analyzer for analysis. Because of the current implementation of interposition, scan-build does not know what compiler your project normally uses. Instead, it simply overrides the CC environment variable, and guesses your default compiler. In the future, this interposition mechanism to be improved, but if you need scan-build to use a specific compiler for *compilation* then you can use this option to specify a path to that compiler. If the given compiler is a cross compiler, you may also need to provide --analyzer-target option to properly analyze the source code because static analyzer runs as if the code is compiled for the host machine by default. --use-c++ [compiler path] --use-c++=[compiler path] This is the same as "--use-cc" but for C++ code. --analyzer-target [target triple name for analysis] --analyzer-target=[target triple name for analysis] This provides target triple information to clang static analyzer. It only changes the target for analysis but doesn't change the target of a real compiler given by --use-cc and --use-c++ options. ADVANCED OPTIONS: -maxloop <loop count> Specify the number of times a block can be visited before giving up. Default is 4. Increase for more comprehensive coverage at a cost of speed. CONTROLLING CHECKERS: A default group of checkers are always run unless explicitly disabled. Checkers may be enabled/disabled using the following options: -enable-checker [checker name] -disable-checker [checker name]
-- option is also supported to specify your build commands.
No tool specific severity levels are available.
Note: The incremental analysis cannot be supported for scan-build. This is because scan-build performs a regular build with requiring all build dependencies and the results on unchanged files can be affected by changed files.
With default options:
inspecode: scan-build: default
With custom machine:
inspecode: scan-build: machine: cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
With custom options:
inspecode: scan-build: options: - -k - --: ./configure - --: [make, mytarget]
With the above configuration, Inspecode runs scan-build twice as shown below:
scan-build -k ./configure scan-build -k make mytarget
If no build commands are explicitly specified via
-- option such as when using
default built-in configuration, Inspecode recursively scans your repository to detect project directories enabling one of the following build systems, and then run build commands at each directory accordingly.
cmake . && make)
./configure && make)
If the automatic detection does not suit your project, explicitly specify build commands via
scan-build requires all build dependencies to run, so Inspecode tries to download dependencies before running scan-build:
.gitmodulesis placed at the root of your repository, runs
git submodule update --init --recursive
As of now, Inspecode can download:
Note: If resolving dependencies fails due to some reasons, you can see the error log, however, Inspecode continues the process unless running scan-build itself fails.