LLVM/Clang Static Analyzer

The LLVM/Clang static analyzer is a standalone tool that find bugs in C and Objective-C programs. Currently the analyzer is invoked as a command-line tool. It is intended to run in tandem with a build of a project or code base.

Here are some important points we ask you to consider when using the static analyzer:

• This tool is very early in development. There are many planned enhancements to improve both the precision and scope of its analysis algorithms as well as the kinds bugs it will find.
• Static analysis can be much slower than compilation. While the analyzer is being designed to be as fast and light-weight as possible, please do not expect it to be as fast as compiling a program (even with optimizations enabled). Some of the algorithms needed to find bugs require in the worst case exponential time. The analyzer runs in a reasonable amount of time by both bounding the amount of checking work it will do as well as using clever algorithms to reduce the amount of work it must do to find bugs.
• False positives. Static analysis is not perfect. It can falsely flag bugs in a program where the code behaves correctly. Because some code checks require more analysis precision than others, the frequency of false positives can vary widely between different checks. Our eventual goal is to have the analyzer have a low false positive rate for most code on all checks.

Please tell us about False Positives

If you encounter a false positive, please let us know by filing a bug report. False positives cannot be addressed unless we know about them.

Want more bugs?

If there are specific kinds of bugs you would like the tool to find, please feel free to file feature requests.