scan-build
Analyze code for static analysis defects
TLDR
Build and analyze the project in the current directory
Run a command and pass all subsequent options to it
Display help
SYNOPSIS
scan-build [options]
PARAMETERS
-h, --help
Display a summary of command-line options.
-v
Enable verbose output.
-o
Specify the output directory for the HTML report. Defaults to '/tmp/scan-build-YYYY-MM-DD-HHMMSS-
-k
Keep going after errors occur during the build.
-V
Print the version of scan-build and exit.
-store-config
Stores the analyzer configuration setting.
-use-cc
Specifies the C compiler to use.
-use-c++
Specifies the C++ compiler to use.
-plist
Generate plist files instead of HTML reports.
-quiet
Suppresses output from the static analyzer.
-maxloop
Limit the maximum number of times a loop is unrolled
DESCRIPTION
The `scan-build` command is a command-line utility that simplifies the process of performing static analysis on software projects during their build process. It works by intercepting compiler invocations, running the Clang Static Analyzer on each compilation unit, and then presenting the analysis results in an HTML report. This allows developers to identify potential bugs and vulnerabilities, such as memory leaks, null pointer dereferences, and other common programming errors, early in the development cycle. Instead of running the static analyzer manually on each file, `scan-build` automates the process, making it easier to integrate static analysis into a project's build system. It effectively wraps the build process and runs the Clang Static Analyzer, displaying the findings in an organized way. It supports projects built with `make`, `xcodebuild` and other build systems.
CAVEATS
The build command should not have side-effects. Because `scan-build` intercepts compiler invocations, the build might be slower than a regular build.
HTML REPORT
The HTML report generated by `scan-build` presents the analysis results in a navigable format. Each identified issue is presented with a detailed description, source code location, and a call path that led to the error. This report helps developers understand the context of the issue and quickly locate the problematic code.
The report also include steps to reproduce issues which is very useful.
INTEGRATION WITH BUILD SYSTEMS
The command is designed to seamlessly integrate with various build systems such as `make` and `xcodebuild`. It simply needs to be prepended to the build command. For example, `scan-build make` or `scan-build xcodebuild`
HISTORY
The `scan-build` tool was developed as part of the LLVM project and the Clang Static Analyzer. It provides a user-friendly interface for running the static analyzer and interpreting its results. Its development was driven by the need to make static analysis more accessible and easier to integrate into existing development workflows. It has evolved over time with improvements to the Clang Static Analyzer, supporting new analysis techniques and improved reporting.
SEE ALSO
clang(1), clang-static-analyzer(1)