Home Explore Help
Register Sign In
FangSoftSoft
/
clang
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
clang
/
docs
/
analyzer
/
user-docs
/
CrossTranslationUnit.rst

CrossTranslationUnit.rst 6.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. =====================================
    2. 

  2. Cross Translation Unit (CTU) Analysis
    3. 

  3. =====================================
    4. 

  4. 

  5. Normally, static analysis works in the boundary of one translation unit (TU).
    6. 

  6. However, with additional steps and configuration we can enable the analysis to inline the definition of a function from another TU.
    7. 

  7. 

  8. .. contents::
    9. 

  9.    :local:
    10. 

  10. 

  11. Manual CTU Analysis
    12. 

  12. -------------------
    13. 

  13. 

  14. Let's consider these source files in our minimal example:
    15. 

  15. 

  16. .. code-block:: cpp
    17. 

  17. 

  18.   // main.cpp
    19. 

  19.   int foo();
    20. 

  20. 

  21.   int main() {
    22. 

  22.     return 3 / foo();
    23. 

  23.   }
    24. 

  24. 

  25. .. code-block:: cpp
    26. 

  26. 

  27.   // foo.cpp
    28. 

  28.   int foo() {
    29. 

  29.     return 0;
    30. 

  30.   }
    31. 

  31. 

  32. And a compilation database:
    33. 

  33. 

  34. .. code-block:: bash
    35. 

  35. 

  36.   [
    37. 

  37.     {
    38. 

  38.       "directory": "/path/to/your/project",
    39. 

  39.       "command": "clang++ -c foo.cpp -o foo.o",
    40. 

  40.       "file": "foo.cpp"
    41. 

  41.     },
    42. 

  42.     {
    43. 

  43.       "directory": "/path/to/your/project",
    44. 

  44.       "command": "clang++ -c main.cpp -o main.o",
    45. 

  45.       "file": "main.cpp"
    46. 

  46.     }
    47. 

  47.   ]
    48. 

  48. 

  49. We'd like to analyze `main.cpp` and discover the division by zero bug.
    50. 

  50. In order to be able to inline the definition of `foo` from `foo.cpp` first we have to generate the `AST` (or `PCH`) file of `foo.cpp`:
    51. 

  51. 

  52. .. code-block:: bash
    53. 

  53. 

  54.   $ pwd $ /path/to/your/project
    55. 

  55.   $ clang++ -emit-ast -o foo.cpp.ast foo.cpp
    56. 

  56.   $ # Check that the .ast file is generated:
    57. 

  57.   $ ls
    58. 

  58.   compile_commands.json  foo.cpp.ast  foo.cpp  main.cpp
    59. 

  59.   $
    60. 

  60. 

  61. The next step is to create a CTU index file which holds the `USR` name and location of external definitions in the source files:
    62. 

  62. 

  63. .. code-block:: bash
    64. 

  64. 

  65.   $ clang-extdef-mapping -p . foo.cpp
    66. 

  66.   c:@F@foo# /path/to/your/project/foo.cpp
    67. 

  67.   $ clang-extdef-mapping -p . foo.cpp > externalDefMap.txt
    68. 

  68. 

  69. We have to modify `externalDefMap.txt` to contain the name of the `.ast` files instead of the source files:
    70. 

  70. 

  71. .. code-block:: bash
    72. 

  72. 

  73.   $ sed -i -e "s/.cpp/.cpp.ast/g" externalDefMap.txt
    74. 

  74. 

  75. We still have to further modify the `externalDefMap.txt` file to contain relative paths:
    76. 

  76. 

  77. .. code-block:: bash
    78. 

  78. 

  79.   $ sed -i -e "s|$(pwd)/||g" externalDefMap.txt
    80. 

  80. 

  81. Now everything is available for the CTU analysis.
    82. 

  82. We have to feed Clang with CTU specific extra arguments:
    83. 

  83. 

  84. .. code-block:: bash
    85. 

  85. 

  86.   $ pwd
    87. 

  87.   /path/to/your/project
    88. 

  88.   $ clang++ --analyze -Xclang -analyzer-config -Xclang experimental-enable-naive-ctu-analysis=true -Xclang -analyzer-config -Xclang ctu-dir=. -Xclang -analyzer-output=plist-multi-file main.cpp
    89. 

  89.   main.cpp:5:12: warning: Division by zero
    90. 

  90.     return 3 / foo();
    91. 

  91.            ~~^~~~~~~
    92. 

  92.   1 warning generated.
    93. 

  93.   $ # The plist file with the result is generated.
    94. 

  94.   $ ls
    95. 

  95.   compile_commands.json  externalDefMap.txt  foo.ast  foo.cpp  foo.cpp.ast  main.cpp  main.plist
    96. 

  96.   $
    97. 

  97. 

  98. This manual procedure is error-prone and not scalable, therefore to analyze real projects it is recommended to use `CodeChecker` or `scan-build-py`.
    99. 

  99. 

  100. Automated CTU Analysis with CodeChecker
    101. 

  101. ---------------------------------------
    102. 

  102. The `CodeChecker <https://github.com/Ericsson/codechecker>`_ project fully supports automated CTU analysis with Clang.
    103. 

  103. Once we have set up the `PATH` environment variable and we activated the python `venv` then it is all it takes:
    104. 

  104. 

  105. .. code-block:: bash
    106. 

  106. 

  107.   $ CodeChecker analyze --ctu compile_commands.json -o reports
    108. 

  108.   [INFO 2019-07-16 17:21] - Pre-analysis started.
    109. 

  109.   [INFO 2019-07-16 17:21] - Collecting data for ctu analysis.
    110. 

  110.   [INFO 2019-07-16 17:21] - [1/2] foo.cpp
    111. 

  111.   [INFO 2019-07-16 17:21] - [2/2] main.cpp
    112. 

  112.   [INFO 2019-07-16 17:21] - Pre-analysis finished.
    113. 

  113.   [INFO 2019-07-16 17:21] - Starting static analysis ...
    114. 

  114.   [INFO 2019-07-16 17:21] - [1/2] clangsa analyzed foo.cpp successfully.
    115. 

  115.   [INFO 2019-07-16 17:21] - [2/2] clangsa analyzed main.cpp successfully.
    116. 

  116.   [INFO 2019-07-16 17:21] - ----==== Summary ====----
    117. 

  117.   [INFO 2019-07-16 17:21] - Successfully analyzed
    118. 

  118.   [INFO 2019-07-16 17:21] -   clangsa: 2
    119. 

  119.   [INFO 2019-07-16 17:21] - Total analyzed compilation commands: 2
    120. 

  120.   [INFO 2019-07-16 17:21] - ----=================----
    121. 

  121.   [INFO 2019-07-16 17:21] - Analysis finished.
    122. 

  122.   [INFO 2019-07-16 17:21] - To view results in the terminal use the "CodeChecker parse" command.
    123. 

  123.   [INFO 2019-07-16 17:21] - To store results use the "CodeChecker store" command.
    124. 

  124.   [INFO 2019-07-16 17:21] - See --help and the user guide for further options about parsing and storing the reports.
    125. 

  125.   [INFO 2019-07-16 17:21] - ----=================----
    126. 

  126.   [INFO 2019-07-16 17:21] - Analysis length: 0.659618854523 sec.
    127. 

  127.   $ ls
    128. 

  128.   compile_commands.json  foo.cpp  foo.cpp.ast  main.cpp  reports
    129. 

  129.   $ tree reports
    130. 

  130.   reports
    131. 

  131.   ├── compile_cmd.json
    132. 

  132.   ├── compiler_info.json
    133. 

  133.   ├── foo.cpp_53f6fbf7ab7ec9931301524b551959e2.plist
    134. 

  134.   ├── main.cpp_23db3d8df52ff0812e6e5a03071c8337.plist
    135. 

  135.   ├── metadata.json
    136. 

  136.   └── unique_compile_commands.json
    137. 

  137. 

  138.   0 directories, 6 files
    139. 

  139.   $
    140. 

  140. 

  141. The `plist` files contain the results of the analysis, which may be viewed with the regular analysis tools.
    142. 

  142. E.g. one may use `CodeChecker parse` to view the results in command line:
    143. 

  143. 

  144. .. code-block:: bash
    145. 

  145. 

  146.   $ CodeChecker parse reports
    147. 

  147.   [HIGH] /home/egbomrt/ctu_mini_raw_project/main.cpp:5:12: Division by zero [core.DivideZero]
    148. 

  148.     return 3 / foo();
    149. 

  149.              ^
    150. 

  150. 

  151.   Found 1 defect(s) in main.cpp
    152. 

  152. 

  153. 

  154.   ----==== Summary ====----
    155. 

  155.   -----------------------
    156. 

  156.   Filename | Report count
    157. 

  157.   -----------------------
    158. 

  158.   main.cpp |            1
    159. 

  159.   -----------------------
    160. 

  160.   -----------------------
    161. 

  161.   Severity | Report count
    162. 

  162.   -----------------------
    163. 

  163.   HIGH     |            1
    164. 

  164.   -----------------------
    165. 

  165.   ----=================----
    166. 

  166.   Total number of reports: 1
    167. 

  167.   ----=================----
    168. 

  168. 

  169. Or we can use `CodeChecker parse -e html` to export the results into HTML format:
    170. 

  170. 

  171. .. code-block:: bash
    172. 

  172. 

  173.   $ CodeChecker parse -e html -o html_out reports
    174. 

  174.   $ firefox html_out/index.html
    175. 

  175. 

  176. Automated CTU Analysis with scan-build-py (don't do it)
    177. 

  177. -------------------------------------------------------
    178. 

  178. We actively develop CTU with CodeChecker as a "runner" script, `scan-build-py` is not actively developed for CTU.
    179. 

  179. `scan-build-py` has various errors and issues, expect it to work with the very basic projects only.
    180. 

  180. 

  181. Example usage of scan-build-py:
    182. 

  182. 

  183. .. code-block:: bash
    184. 

  184. 

  185.   $ /your/path/to/llvm-project/clang/tools/scan-build-py/bin/analyze-build --ctu
    186. 

  186.   analyze-build: Run 'scan-view /tmp/scan-build-2019-07-17-17-53-33-810365-7fqgWk' to examine bug reports.
    187. 

  187.   $ /your/path/to/llvm-project/clang/tools/scan-view/bin/scan-view /tmp/scan-build-2019-07-17-17-53-33-810365-7fqgWk
    188. 

  188.   Starting scan-view at: http://127.0.0.1:8181
    189. 

  189.     Use Ctrl-C to exit.
    190. 

  190.   [6336:6431:0717/175357.633914:ERROR:browser_process_sub_thread.cc(209)] Waited 5 ms for network service
    191. 

  191.   Opening in existing browser session.
    192. 

  192.   ^C
    193. 

  193.   $
    194.