Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Static analyser issues with command line tools

We have automated the builds of our current project by using TeamCity/Command Line Tools. To be sure to catch as much potential issues as possible, we have set the project to use the static analyser for each build. Several 3rd-party classes were flagged by the analyser so we excluded the dubious classes by flagging them with:

-w -Xanalyzer -analyzer-disable-checker

Everything works as expected when compiled in Xcode (tested with 4.6.3 and 5.0.1).

But when compiled on the TeamCity server, we're getting the following error for each excluded 3rd-party file:

__PIC__ level differs in PCH file vs. current fileerror: __PIC__ level differs in PCH file vs. current file2 errors generated.

The error goes away if we remove the -Xanalyzer -analyzer-disable-checker tags (but of course in this case we get the analyser warnings back).

The same error occurs if we compile using AppCode which makes me thinking this is somehow related to the command line tools, both AppCode and the TeamCity server using them to compile the builds.

The TeamCity server uses Xcode 4's command line tools and I've tried AppCode with both Xcode 4's and 5's.

When trying with AppCode using Xcode 5's command line tools the error differs slightly (once again, one for each excluded class):

error reading 'pic'
no analyzer checkers are associated with '-mrelocation-model'

So, the question: does anyone have any idea how to get rid of this error while suppressing the analyser warnings for specific classes when using command line tools (if command line tools are indeed at fault here)?

like image 884
gillesguillemin Avatar asked Nov 08 '13 15:11

gillesguillemin


People also ask

Which tool is used for static code analysis?

Source code analysis tools, also known as Static Application Security Testing (SAST) Tools, can help analyze source code or compiled versions of code to help find security flaws. SAST tools can be added into your IDE. Such tools can help you detect issues during software development.

What do static analysis tools analyze?

Static analysis tools refer to a wide array of tools that examine source code, executables, or even documentation, to find problems before they happen; without actually running the code.

How can static analysis be improved?

Machine Learning and Static AnalysisApplying coding standards, such as MISRA, AUTOSAR, and OWASP. Enforcing coding best practices. Identifying coding errors earlier in development — saving both time and money. Eliminating security vulnerabilities.

Which is an advantage of static analysis tools?

Static code analysis advantages:It allows a quicker turn around for fixes. It is relatively fast if automated tools are used. Automated tools can scan the entire code base. Automated tools can provide mitigation recommendations, reducing the research time.


1 Answers

I just ran into this issue and assume it is a bug with Clang. I think I found a workaround though.

Try replacing this

-w -Xanalyzer -analyzer-disable-checker

with this ridiculously long line (keep scrolling to the right to see it all):

-w -Xanalyzer -analyzer-disable-checker -Xanalyzer alpha -Xanalyzer -analyzer-disable-checker -Xanalyzer core -Xanalyzer -analyzer-disable-checker -Xanalyzer cplusplus -Xanalyzer -analyzer-disable-checker -Xanalyzer deadcode -Xanalyzer -analyzer-disable-checker -Xanalyzer debug -Xanalyzer -analyzer-disable-checker -Xanalyzer llvm -Xanalyzer -analyzer-disable-checker -Xanalyzer osx -Xanalyzer -analyzer-disable-checker -Xanalyzer security -Xanalyzer -analyzer-disable-checker -Xanalyzer unix -Xanalyzer -analyzer-disable-checker -Xanalyzer insecureAPI

OK, so here is how I got to that. It looks like Clang has a hierarchy of "Static Analyzer Checkers" and you can disable them individually or by group.

As an example the DeadStore checker is "deadcode.DeadStores" so you can disable it like this:

-Xanalyzer -analyzer-disable-checker -Xanalyzer deadcode.DeadStores

Alternatively you can disable ALL deadcode related checkers by specifying just "deadcode" like this:

-Xanalyzer -analyzer-disable-checker -Xanalyzer deadcode

You can get a list of all the checkers with this command:

clang -cc1 -analyzer-checker-help

It currently outputs the following:

OVERVIEW: Clang Static Analyzer Checkers List

USAGE: -analyzer-checker <CHECKER or PACKAGE,...>

CHECKERS:
  alpha.core.BoolAssignment       Warn about assigning non-{0,1} values to Boolean variables
  alpha.core.CastSize             Check when casting a malloc'ed type T, whether the size is a multiple of the size of T
  alpha.core.CastToStruct         Check for cast from non-struct pointer to struct pointer
  alpha.core.FixedAddr            Check for assignment of a fixed address to a pointer
  alpha.core.PointerArithm        Check for pointer arithmetic on locations other than array elements
  alpha.core.PointerSub           Check for pointer subtractions on two pointers pointing to different memory chunks
  alpha.core.SizeofPtr            Warn about unintended use of sizeof() on pointer expressions
  alpha.cplusplus.NewDeleteLeaks  Check for memory leaks. Traces memory managed by new/delete.
  alpha.cplusplus.VirtualCall     Check virtual function calls during construction or destruction
  alpha.deadcode.IdempotentOperations
                                  Warn about idempotent operations
  alpha.deadcode.UnreachableCode  Check unreachable code
  alpha.osx.cocoa.Dealloc         Warn about Objective-C classes that lack a correct implementation of -dealloc
  alpha.osx.cocoa.DirectIvarAssignment
                                  Check for direct assignments to instance variables
  alpha.osx.cocoa.DirectIvarAssignmentForAnnotatedFunctions
                                  Check for direct assignments to instance variables in the methods annotated with objc_no_direct_instance_variable_assignment
  alpha.osx.cocoa.InstanceVariableInvalidation
                                  Check that the invalidatable instance variables are invalidated in the methods annotated with objc_instance_variable_invalidator
  alpha.osx.cocoa.MissingInvalidationMethod
                                  Check that the invalidation methods are present in classes that contain invalidatable instance variables
  alpha.osx.cocoa.MissingSuperCall
                                  Warn about Objective-C methods that lack a necessary call to super
  alpha.security.ArrayBound       Warn about buffer overflows (older checker)
  alpha.security.ArrayBoundV2     Warn about buffer overflows (newer checker)
  alpha.security.MallocOverflow   Check for overflows in the arguments to malloc()
  alpha.security.ReturnPtrRange   Check for an out-of-bound pointer being returned to callers
  alpha.security.taint.TaintPropagation
                                  Generate taint information used by other checkers
  alpha.unix.Chroot               Check improper use of chroot
  alpha.unix.MallocWithAnnotations
                                  Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free(). Assumes that all user-defined functions which might free a pointer are annotated.
  alpha.unix.PthreadLock          Simple lock -> unlock checker
  alpha.unix.SimpleStream         Check for misuses of stream APIs
  alpha.unix.Stream               Check stream handling functions
  alpha.unix.cstring.BufferOverlap
                                  Checks for overlap in two buffer arguments
  alpha.unix.cstring.NotNullTerminated
                                  Check for arguments which are not null-terminating strings
  alpha.unix.cstring.OutOfBounds  Check for out-of-bounds access in string functions
  core.CallAndMessage             Check for logical errors for function calls and Objective-C message expressions (e.g., uninitialized arguments, null function pointers)
  core.DivideZero                 Check for division by zero
  core.DynamicTypePropagation     Generate dynamic type information
  core.NonNullParamChecker        Check for null pointers passed as arguments to a function whose arguments are references or marked with the 'nonnull' attribute
  core.NullDereference            Check for dereferences of null pointers
  core.StackAddressEscape         Check that addresses to stack memory do not escape the function
  core.UndefinedBinaryOperatorResult
                                  Check for undefined results of binary operators
  core.VLASize                    Check for declarations of VLA of undefined or zero size
  core.builtin.BuiltinFunctions   Evaluate compiler builtin functions (e.g., alloca())
  core.builtin.NoReturnFunctions  Evaluate "panic" functions that are known to not return to the caller
  core.uninitialized.ArraySubscript
                                  Check for uninitialized values used as array subscripts
  core.uninitialized.Assign       Check for assigning uninitialized values
  core.uninitialized.Branch       Check for uninitialized values used as branch conditions
  core.uninitialized.CapturedBlockVariable
                                  Check for blocks that capture uninitialized values
  core.uninitialized.UndefReturn  Check for uninitialized values being returned to the caller
  cplusplus.NewDelete             Check for double-free and use-after-free problems. Traces memory managed by new/delete.
  deadcode.DeadStores             Check for values stored to variables that are never read afterwards
  debug.ConfigDumper              Dump config table
  debug.DumpCFG                   Display Control-Flow Graphs
  debug.DumpCallGraph             Display Call Graph
  debug.DumpCalls                 Print calls as they are traversed by the engine
  debug.DumpDominators            Print the dominance tree for a given CFG
  debug.DumpLiveVars              Print results of live variable analysis
  debug.DumpTraversal             Print branch conditions as they are traversed by the engine
  debug.ExprInspection            Check the analyzer's understanding of expressions
  debug.Stats                     Emit warnings with analyzer statistics
  debug.TaintTest                 Mark tainted symbols as such.
  debug.ViewCFG                   View Control-Flow Graphs using GraphViz
  debug.ViewCallGraph             View Call Graph using GraphViz
  llvm.Conventions                Check code for LLVM codebase conventions
  osx.API                         Check for proper uses of various Apple APIs
  osx.SecKeychainAPI              Check for proper uses of Secure Keychain APIs
  osx.cocoa.AtSync                Check for nil pointers used as mutexes for @synchronized
  osx.cocoa.ClassRelease          Check for sending 'retain', 'release', or 'autorelease' directly to a Class
  osx.cocoa.IncompatibleMethodTypes
                                  Warn about Objective-C method signatures with type incompatibilities
  osx.cocoa.Loops                 Improved modeling of loops using Cocoa collection types
  osx.cocoa.NSAutoreleasePool     Warn for suboptimal uses of NSAutoreleasePool in Objective-C GC mode
  osx.cocoa.NSError               Check usage of NSError** parameters
  osx.cocoa.NilArg                Check for prohibited nil arguments to ObjC method calls
  osx.cocoa.NonNilReturnValue     Model the APIs that are guaranteed to return a non-nil value
  osx.cocoa.RetainCount           Check for leaks and improper reference count management
  osx.cocoa.SelfInit              Check that 'self' is properly initialized inside an initializer method
  osx.cocoa.UnusedIvars           Warn about private ivars that are never used
  osx.cocoa.VariadicMethodTypes   Check for passing non-Objective-C types to variadic collection initialization methods that expect only Objective-C types
  osx.coreFoundation.CFError      Check usage of CFErrorRef* parameters
  osx.coreFoundation.CFNumber     Check for proper uses of CFNumberCreate
  osx.coreFoundation.CFRetainRelease
                                  Check for null arguments to CFRetain/CFRelease/CFMakeCollectable
  osx.coreFoundation.containers.OutOfBounds
                                  Checks for index out-of-bounds when using 'CFArray' API
  osx.coreFoundation.containers.PointerSizedValues
                                  Warns if 'CFArray', 'CFDictionary', 'CFSet' are created with non-pointer-size values
  security.FloatLoopCounter       Warn on using a floating point value as a loop counter (CERT: FLP30-C, FLP30-CPP)
  security.insecureAPI.UncheckedReturn
                                  Warn on uses of functions whose return values must be always checked
  security.insecureAPI.getpw      Warn on uses of the 'getpw' function
  security.insecureAPI.gets       Warn on uses of the 'gets' function
  security.insecureAPI.mkstemp    Warn when 'mkstemp' is passed fewer than 6 X's in the format string
  security.insecureAPI.mktemp     Warn on uses of the 'mktemp' function
  security.insecureAPI.rand       Warn on uses of the 'rand', 'random', and related functions
  security.insecureAPI.strcpy     Warn on uses of the 'strcpy' and 'strcat' functions
  security.insecureAPI.vfork      Warn on uses of the 'vfork' function
  unix.API                        Check calls to various UNIX/Posix functions
  unix.Malloc                     Check for memory leaks, double free, and use-after-free problems. Traces memory managed by malloc()/free().
  unix.MallocSizeof               Check for dubious malloc arguments involving sizeof
  unix.MismatchedDeallocator      Check for mismatched deallocators.
  unix.cstring.BadSizeArg         Check the size argument passed into C string functions for common erroneous patterns
  unix.cstring.NullArg            Check for null pointers being passed as arguments to C string functions

The long command line I provided above in my answer disables all 9 top level checkers: alpha, core, cplusplus, deadcode, debug, llvm, osx, security, and unix PLUS "insecureAPI" based on the comments below as it seems disabling security doesn't also disable security.insecureAPI.

Hopefully this is equivalent to not running the analyzer at all.

For more info see the Checker Developer Manual here: http://clang-analyzer.llvm.org/checker_dev_manual.html

like image 77
Mike Vosseller Avatar answered Oct 19 '22 11:10

Mike Vosseller