Boost :

Subject: [boost] clang AST based static analysers - Booster's experience
From: Niall Douglas (ndouglas_at_[hidden])
Date: 2013-07-23 12:57:27

• Next message: Niall Douglas: "Re: [boost] Patch bonanza for VS2013 Preview support"
• Previous message: Daniela Engert: "Re: [boost] [build][msvc] create PDBs"

Dear Boost Devs,

I was wondering what the experience of the list is with clang AST based
static analysers? They need not be clang AST based of course, so long as
they are based on the frontend of a real compiler rather than trying their
own implementation based on regex or something even worse.

For this list's information, here are the three clang AST based static
analysers I know of:

1. Clang's static analyser http://clang-analyzer.llvm.org/

2. OCLint http://oclint.org/

3. The commercial tool CppDepend can now use a clang AST
(http://blog.llvm.org/2013/04/static-analysis-tools-using-clang-in.html).

Some quick notes of mine which may be of dubious accuracy:

Clang's static analyser is the more mature tool, but according to
http://code.google.com/p/chromium/wiki/ClangStaticAnalyzer which was updated
Mar 2013 it feels its default bundled C++ tests is lacking. The real
strength in the clang static analyser is for writing your own tests
(http://clang-analyzer.llvm.org/checker_dev_manual.html) which enforce
specific coding patterns or constraints (usually on others, and usually
pre-commit with commit rejection if fail).

OCLint is a newer tool, but appears to have fuller support for C++
(http://docs.oclint.org/en/dev/rules/index.html), though many of those rules
appear to check C syntax only (which also covers Objective C). Similar to
clang's static analyser, new custom rules are easy to write
(http://docs.oclint.org/en/dev/internals/rules.html). This project, at least
from the outside, seems to have more legs than clang's static analyser.

CppDepend I have no experience of, but there is a reasonably positive review
at http://www.asawicki.info/news_1511_cppdepend.html. One of the CppDepend
developers talks about how they added clang's AST at
http://www.codeproject.com/Articles/475254/ClangplusRocks.

Niall

---
Opinions expressed here are my own and do not necessarily represent those of
BlackBerry Inc.

• application/pkcs7-signature attachment: smime.p7s

• Next message: Niall Douglas: "Re: [boost] Patch bonanza for VS2013 Preview support"
• Previous message: Daniela Engert: "Re: [boost] [build][msvc] create PDBs"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk