static-analysis


Static Analysis


Purpose


Guide agents through selecting, running, and triaging static analysis tools for C/C++ — clang-tidy, cppcheck, and scan-build — including suppression strategies and CI integration.

Triggers


  • "How do I run clang-tidy on my project?"
  • "What clang-tidy checks should I enable?"
  • "cppcheck is reporting false positives — how do I suppress them?"
  • "How do I set up scan-build for deeper analysis?"
  • "My build is noisy with static analysis warnings"
  • "How do I generate compile_commands.json for clang-tidy?"

Workflow


1. Generate compile_commands.json

clang-tidy requires a compilation database:

```bash
# CMake (preferred)
cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
ln -s build/compile_commands.json .

# Bear (for Make-based projects)
bear -- make

# compiledb (alternative for Make)
pip install compiledb
compiledb make
```

2. Run clang-tidy

```bash
# Single file
clang-tidy src/foo.c -- -std=c11 -I include/

# Whole project via compile_commands.json
run-clang-tidy -p build/ -j$(nproc)

# With specific checks enabled
clang-tidy -checks='bugprone-*,modernize-*,performance-*' src/foo.cpp

# Apply auto-fixes
clang-tidy -checks='modernize-use-nullptr' -fix src/foo.cpp
```

3. Check category decision tree

```text
Goal?
├── Find real bugs            → bugprone-*, clang-analyzer-*
├── Modernise C++ code        → modernize-*
├── Follow core guidelines    → cppcoreguidelines-*
├── Catch performance issues  → performance-*
├── Security hardening        → cert-*, hicpp-*
└── Readability / style       → readability-*, llvm-*
```

| Category | Key checks | What it catches |
|----------|------------|-----------------|
| `bugprone-*` | `use-after-move`, `integer-division`, `suspicious-memset-usage` | Likely bugs |
| `modernize-*` | `use-nullptr`, `use-override`, `use-auto` | C++11/14/17 idioms |
| `cppcoreguidelines-*` | `avoid-goto`, `pro-bounds-*`, `no-malloc` | C++ Core Guidelines |
| `performance-*` | `unnecessary-copy-initialization`, `avoid-endl` | Performance regressions |
| `clang-analyzer-*` | `core.*`, `unix.*`, `security.*` | Path-sensitive bugs |
| `cert-*` | `err34-c`, `str51-cpp` | CERT coding standard |

4. .clang-tidy configuration file

```yaml
# .clang-tidy — place at project root
Checks: >
  bugprone-*,
  modernize-*,
  performance-*,
  -modernize-use-trailing-return-type,
  -bugprone-easily-swappable-parameters
WarningsAsErrors: 'bugprone-*,clang-analyzer-*'
HeaderFilterRegex: '^(src|include)/.*'
CheckOptions:
  - key: modernize-loop-convert.MinConfidence
    value: reasonable
  - key: readability-identifier-naming.VariableCase
    value: camelCase
```

5. Suppress false positives

```cpp
// Suppress a single line
int result = riskyOp(); // NOLINT(bugprone-signed-char-misuse)

// Suppress the next line
// NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers)
constexpr int BUFFER_SIZE = 4096;

// Suppress a whole function: wrap it in NOLINTBEGIN/NOLINTEND.
// ([[clang::suppress]] is a Clang Static Analyzer attribute and does not
// silence bugprone-* checks.)
// NOLINTBEGIN(bugprone-*)
void legacy_code() { /* ... */ }
// NOLINTEND(bugprone-*)
```

Or in `.clang-tidy`:

```yaml
# Exclude third-party directories
HeaderFilterRegex: '^(src|include)/.*'

# Disable specific checks
Checks: '-bugprone-easily-swappable-parameters'
```
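
An added example, not part of the original skill: a small audit that lists every NOLINT-style suppression in a source file and flags the ones wider than a single named check, so blanket and glob suppressions get reviewed before they hide new findings. The function names and the sample source are constructed for illustration.

```python
import re

# NOLINT, NOLINTNEXTLINE, NOLINTBEGIN or NOLINTEND, with an optional
# parenthesised list of check names or globs.
NOLINT_RE = re.compile(r"\b(NOLINT(?:NEXTLINE|BEGIN|END)?)\b(?:\(([^)]*)\))?")

# Constructed sample source, for illustration only.
SAMPLE = """\
int result = riskyOp(); // NOLINT(bugprone-signed-char-misuse)
// NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers)
constexpr int BUFFER_SIZE = 4096;
// NOLINTBEGIN(bugprone-*)
void legacy_code() { /* ... */ }
// NOLINTEND(bugprone-*)
char *p = unsafe(); // NOLINT
"""


def audit_suppressions(source):
    """Return (line, marker, scope, checks) for every suppression in source.

    scope is 'blanket' (no check list, or '*'), 'glob' (a pattern such as
    bugprone-*), or 'named' (only fully named checks).
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in NOLINT_RE.finditer(line):
            marker, raw = match.group(1), match.group(2)
            checks = [c.strip() for c in (raw or "").split(",") if c.strip()]
            if not checks or "*" in checks:
                scope = "blanket"
            elif any("*" in c for c in checks):
                scope = "glob"
            else:
                scope = "named"
            findings.append((lineno, marker, scope, checks))
    return findings


def needs_review(findings):
    """Suppressions wider than a named check; NOLINTEND repeats its BEGIN."""
    return [f for f in findings if f[2] != "named" and f[1] != "NOLINTEND"]


if __name__ == "__main__":
    for lineno, marker, scope, checks in needs_review(audit_suppressions(SAMPLE)):
        print(f"line {lineno}: {marker} is {scope}: {', '.join(checks) or 'all checks'}")
```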

6. Run cppcheck

```bash
# Basic run
cppcheck --enable=all --std=c11 src/

# With compile_commands.json
cppcheck --project=build/compile_commands.json

# Include specific checks and suppress noise
cppcheck --enable=warning,performance,portability \
         --suppress=missingIncludeSystem \
         --suppress=unmatchedSuppression \
         --error-exitcode=1 \
         src/

# Generate XML report for CI
cppcheck --xml --xml-version=2 src/ 2> cppcheck-report.xml
```

| `--enable=` value | What it checks |
|-------------------|----------------|
| `warning` | Undefined behaviour, bad practices |
| `performance` | Redundant operations, inefficient patterns |
| `portability` | Non-portable constructs |
| `information` | Configuration and usage notes |
| `all` | Everything above |
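
An added example, not from the original skill: parsing the `--xml-version=2` report to count findings by severity and pick out the ones that should fail CI. The sample report is constructed, and treating `error` and `warning` as gating severities is an assumption.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the --xml-version=2 layout (not real tool output).
SAMPLE_REPORT = """<results version="2">
  <cppcheck version="0.0-sample"/>
  <errors>
    <error id="arrayIndexOutOfBounds" severity="error" cwe="788"
           msg="Array 'buf[16]' accessed at index 16, which is out of bounds.">
      <location file="src/parse.c" line="42" column="8"/>
    </error>
    <error id="nullPointer" severity="warning" cwe="476"
           msg="Possible null pointer dereference: p">
      <location file="src/net.c" line="117" column="5"/>
    </error>
    <error id="passedByValue" severity="performance" cwe="398"
           msg="Function parameter 'cfg' should be passed by const reference.">
      <location file="src/cfg.cpp" line="9" column="27"/>
    </error>
    <error id="missingIncludeSystem" severity="information"
           msg="Include file: &lt;stdio.h&gt; not found."/>
  </errors>
</results>"""

GATING = {"error", "warning"}  # assumption: severities that fail the build

def load_findings(xml_text):
    """Flatten each <error> element into a dict; location may be absent."""
    findings = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "cwe": err.get("cwe"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None else None,
        })
    return findings

def triage(findings, gating=GATING):
    """Return (count per severity, findings whose severity gates CI)."""
    counts = Counter(f["severity"] for f in findings)
    return counts, [f for f in findings if f["severity"] in gating]

if __name__ == "__main__":
    counts, blocking = triage(load_findings(SAMPLE_REPORT))
    for f in blocking:
        print(f'{f["file"]}:{f["line"]}: {f["severity"]}: {f["id"]} (CWE-{f["cwe"]})')
    raise SystemExit(1 if blocking else 0)
```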

7. Path-sensitive analysis with scan-build

```bash
# Intercept a Make build
scan-build make

# Intercept CMake build
scan-build cmake --build build/

# Show HTML report
scan-view /tmp/scan-build-*/

# With specific checkers
scan-build -enable-checker security.insecureAPI.gets \
           -enable-checker alpha.unix.cstring.BufferOverlap \
           make
```

scan-build finds deeper bugs than clang-tidy: use-after-free across functions, dead stores from logic errors, null dereferences on complex paths.

8. CI integration

```yaml
# GitHub Actions
- name: Static analysis
  run: |
    cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
    run-clang-tidy -p build -j$(nproc) -warnings-as-errors '*'

- name: cppcheck
  run: |
    cppcheck --enable=warning,performance \
             --suppress=missingIncludeSystem \
             --error-exitcode=1 \
             src/
```

For clang-tidy check details, see [references/clang-tidy-checks.md](references/clang-tidy-checks.md).

Related skills

  • Use `skills/compilers/clang` for Clang toolchain and diagnostic flags
  • Use `skills/compilers/gcc` for GCC warnings as complementary analysis
  • Use `skills/runtimes/sanitizers` for runtime bug detection alongside static analysis
  • Use `skills/build-systems/cmake` for `CMAKE_EXPORT_COMPILE_COMMANDS` setup