Configure Clang Static Analyzer and checkers

Checker configuration can be done through the --saargs analysis option which forwards arguments without modification to the Clang Static Analyzer:

CodeChecker analyze --saargs static_analyzer.cfg

In the static_analyzer.cfg file various static analyzer and checker related configuration options can be configured like this:

-Xclang -analyzer-config -Xclang unix.Malloc:Optimistic=true -Xclang -analyzer-max-loop -Xclang 20

Before every configuration option '-Xclang' argument should be written and all the configuration options sould be in one line!

In the static_analyzer.cfg example file we set a checker specific configuration option unix.Malloc:Optimistic=true for the unix.Malloc checker and a static analyzer configuration option analyzer-max-loop (the maximum number of times the analyzer will go through a loop, the default value is 4).

Checker specific configuration options

This is not a comprehensive list view checker documentation or implementation for available configuration options:

checker name configuration option default value available values description
nullability NoDiagnoseCallsToSystemHeaders false true/false If true, the checker will not diagnose nullability issues for calls to system headers.
unix.Malloc Optimistic false true/false

Clang Static Analyzer configuration options

This is not a comprehesive list, check out the clang static analyzer documentation or source code for more details about the configuration options.

configuration option default value available values description
analyzer-max-loop 4
inline-lambdas true
ipa dynamic-bifurcate inter procedural analysis
ipa-always-inline-size 3
mode deep deep, shallow
max-inlinable-size 100 100 for deep mode, 4 for shallow
max-nodes 225000 22500 for deep, 75000 for shallow, maximum number of nodes for top level functions
unroll-loops false true/false
widen-loops false true/false
suppress-null-return-paths false
c++-inlining constructors constructors, destructors, none, methods inlining options
leak-diagnostics-reference-allocation false true/false
max-times-inline-large 32
region-store-small-struct-limit 2
path-diagnostics-alternate false true/false
report-in-main-source-file true true/false
min-cfg-size-treat-functions-as-large 14
cfg-conditional-static-initializers true
cfg-implicit-dtors true true/false
cfg-lifetime false true/false
cfg-loopexit false true/false
cfg-temporary-dtors false true/false
faux-bodies true true/false
graph-trim-interval 1000

Configure Clang tidy checkers

Using Clang tidy configuration files

clang-tidy attempts to read configuration for each analyzed source file from a .clang-tidy file located in the closest parent directory of the analyzed source file.

The .clang-tidy configuration file can be in JSON or YAML format.

JSON:

{
  "Checks": "clang-diagnostic-*,clang-analyzer-*",
  "WarningsAsErrors": "",
  "HeaderFilterRegex": "",
  "AnalyzeTemporaryDtors": false,
  "CheckOptions": [
    {
      "key": "google-readability-braces-around-statements.ShortStatementLines",
      "value": "1"
    },
    {
      "key": "modernize-loop-convert.MaxCopySize",
      "value": "16"
    },
    {
      "key": "modernize-loop-convert.NamingStyle",
      "value": "CamelCase"
    },
    {
      "key": "modernize-use-nullptr.NullMacros",
      "value": "NULL"
    }
  ]
}

or the same configuration in YAML format:

---
Checks:          'clang-diagnostic-*,clang-analyzer-*'
WarningsAsErrors: ''
HeaderFilterRegex: ''
AnalyzeTemporaryDtors: false
CheckOptions:
  - key:             google-readability-braces-around-statements.ShortStatementLines
    value:           '1'
  - key:             modernize-loop-convert.MaxCopySize
    value:           '16'
  - key:             modernize-loop-convert.NamingStyle
    value:           CamelCase
  - key:             modernize-use-nullptr.NullMacros
    value:           'NULL'
...

Using tidyargs option in CodeChecker

The --tidyargs analysis argument can be used to forward configuration options through CodeChecker to the clang-tidy analyzer.

CodeChecker analyze --tidyargs tidy_analyzer.cfg

Where the tidy_analyzer.cfg config file content looks like this where the configuration arguments (json in this case) should be in one line :

-config="{ "Checks": "clang-diagnostic-*,clang-analyzer-*", "WarningsAsErrors": "", "HeaderFilterRegex": "", "AnalyzeTemporaryDtors": false, "CheckOptions": [ { "key": "google-readability-braces-around-statements.ShortStatementLines", "value": "1" }, { "key": "modernize-loop-convert.MaxCopySize", "value": "16" }, { "key": "modernize-loop-convert.NamingStyle", "value": "CamelCase" }, { "key": "modernize-use-nullptr.NullMacros", "value": "NULL" } ] }"