Endre Fülöp <endre.fu...@sigmatechnology.com>
Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/97...@github.com>


================
@@ -0,0 +1,239 @@
+Command Line Usage: scan-build and CodeChecker
+==============================================
+
+This document provides guidelines for running Clang Static Analyzer from the 
command line on whole projects.
+CodeChecker and scan-build are two CLI tools for using CSA on multiple files 
(tranlation units).
+Both provide a way of driving the analyzer, detecting compilation flags, and 
generating reports.
+CodeChecker is more actively maintained, provides heuristics for working with 
multiple versions of popular compilers and it also comes with a web-based GUI 
for viewing, filtering, categorizing and suppressing the results.
+Therefore CodeChecker is recommended in case you need any of the above 
features or just more customizability in general.
+
+Comparison of CodeChecker and scan-build
+----------------------------------------
+
+Static Analyzer is by design a GUI tool originally intended to be consumed by 
the XCode IDE.
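Review bot: "tranlation units" in the second sentence of the introduction is a typo for "translation units". The same sentence uses "CSA" without the preceding sentence introducing it as the abbreviation, so consider writing "Clang Static Analyzer (CSA)" on first use. In the first sentence of the comparison section, "XCode" should be spelled "Xcode".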
----------------
haoNoQ wrote:

Tautologically speaking, the phrasing "originally intended" has a hard time 
becoming false.

But it's still probably true that the static analyzer is "best used" at your 
desk through an IDE integration, where you naturally have access to the rest of 
the semantic information that you need to truly confirm or deny the reports. We 
aren't a tool that understands your code texturally - we're a tool that 
understands your code precisely, the same way that the compiler would, and 
every bit of that understanding can matter.

Another part of this is, the tool is poorly predictable. Minor changes in the 
code can affect the output on completely unrelated parts of the code, and minor 
changes in the compiler can also yield unpredictable outcomes. This makes it 
hard to use the static analyzer as a "hard requirement" for your software, 
typically associated with CI use.

https://github.com/llvm/llvm-project/pull/97034
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits