Static analysis is a way of analyzing source code without executing it. One of its applications is to find code smells and bugs.
Fuchsia uses Clang as its compiler. Clang has several tools to analyze the code statically. Fuchsia enables a large set of useful warning messages and compiles with warnings as errors.
Before you do static analysis, make sure you have the following:
- Toolchain: You can either use the prebuilt toolchain or compile compile a toolchain. For information on compiling a toolchain, see the toolchain guide. Note: This guide assumes that you are using the prebuilt toolchain.
- Compilation database: You need the compilation database to use
clang-tidyand Clang static analyzer. Note: You must run this command daily to make sure that the compilation database is up to date.
There is a more detailed guide available here.
Clang static analyzer
pip install scan-build --user
You might get a warning that
~/.local/bin is not part of the
add it to your
PATH environment variable or install
scan-build globally (without the
From your Fuchsia directory, run the Clang static analyzer:
analyze-build --cdb compile_commands.json --use-analyzer path/to/checkout/prebuilt/third_party/clang/linux-x64/bin/clang --output path/to/output
View the results
View the results of Clang static analyzer with Chrome: