It would be great to have an EWS bot that ran patches through the Clang static analyzer. Then we could find issues even before the patch is landed!
<rdar://problem/10193189>
How do I run the clang static analyzer?
There are generic instructions on <http://clang-analyzer.llvm.org/scan-build.html>. I'm not sure what the specific process would be for WebKit.
See also bug 68908.
Thakis is working on switching the webkit.org build of Chromium Mac to use clang, which seems related. (The chromium.org version already uses clang.) I'm pretty ignorant about this topic, but I think that will help here.
I wonder if something as simple as "scan-build build-webkit" would work?
abarth@quadzen:~/svn/webkit$ scan-build build-webkit -bash: scan-build: command not found ^^^ Maybe I need Lion?
I don't seem to have a "scan-build" binary either. I do notice that clang supports an --analyze flag. I guess we should figure out how Xcode drives clang for static analysis.
It looks like Xcode is just calling "clang --analyze" (with loads of other options appropriate for the project, of course).
scan-build is just a perl script - it's available from the clang svn repository.
Supposedly this will do it (for a single project, of course): xcodebuild RUN_CLANG_STATIC_ANALYZER=YES
scan-build isn't distributed anywhere I know of, but it can be checked out from the clang svn repo here: http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-build/ As of 2011-11-30, the analyzer doesn't understand RAII and smart pointers ( http://llvm.org/bugs/show_bug.cgi?id=11425#c1 ), which makes it not very useful for c++ projects in my experience. As far as I know, this is still true today.
It's distributed as part of Xcode, and is incredibly effective at finding issues in code that makes use of Objective-C and CF. It's effectiveness in C++ code will only increase over time.
If it's a Mac thing, then it should be straightforward to run on the mac-ews. Sorry for the ignorant question, but does "xcodebuild RUN_CLANG_STATIC_ANALYZER=YES" generate a compiled binary, or just run the analysis? If the analysis step is separate, we might want to run the analysis on separate bots to avoid slowing down the mac-ews.
It both compiles and runs the analysis.
Ok. Maybe the thing to do is to add a --analyze flag to build-webkit that runs the analysis together with building. thakis warned me in IRC that the static analysis can be much slower than the normal compile, so we'll want to make sure we have enough machine bandwidth.