Running the analyzer from the command line

Static Analyzer is by design a GUI tool. Its purpose is to find buggy execution paths in the program, and such paths are very hard to comprehend by looking at a non-interactive standard output. It is possible, however, to invoke the Static Analyzer from the command line in order to obtain analysis results, and then later view them interactively in a graphical interface. The following tools are used commonly to run the analyzer from the command line. Both tools are wrapper scripts to drive the analysis and the underlying invocations of the Clang compiler:

  1. Scan-Build is an old and simple command-line tool that emits static analyzer warnings as HTML files while compiling your project. You can view the analysis results in your web browser.
    • Useful for individual developers who simply want to view static analysis results at their desk, or in a very simple collaborative environment.
    • Works on all major platforms (Windows, Linux, macOS) and is available as a package in many Linux distributions.
    • Does not include support for cross-translation-unit analysis.
  2. CodeChecker is a web server that runs the Static Analyzer on your projects on demand and maintains a database of issues.
    • Perfect for managing large amounts of Static Analyzer warnings in a collaborative environment.
    • Generally much more feature-rich than scan-build.
    • Supports incremental analysis: Results can be stored in a database, subsequent analysis runs can be compared to list the newly added defects.
    • Cross Translation Unit (CTU) analysis is supported fully on Linux via CodeChecker.
    • Can run clang-tidy checkers too.
    • Open source, but out-of-tree, i.e. not part of the LLVM project.