Clang Static Analysis vs AppCode Project Inspection Question

I'm relatively new to iOS development and I'm looking for some enligthenment: My team builds our project with static analysis enabled for debug builds in XCode. To evaluate AppCode's inspection feature, I performed an inspection on the entire project.

While I expected AppCode's inspection to be good, I did not expect that it would find 50+ instances of ivars that were not being deallocated correctly. We verified that AppCode had correctly identified the issue, in a couple cases this resolved known memory leaks.

Should the clang static analyzer have caught these?

I'm hoping its because some project settings haven't been correctly set. As I'd expect the clang static analyzer to at least flag missing de-allocations.

In any case props to the JB team for an excellent product. This feature alone made my stock go up in my new company.  More importantly, it's generating some sales for JB.

2 comments
Comment actions Permalink

Well I can partially answer the question. According to the Clang site it should have identified this issue:

osx.cocoa.RetainCount Check for leaks and improper reference count management.


In an attempt to understand why they aren't being flagged I've tried running Clang on the project from the command-line but it encounters the following error:

clang: error: unsupported option '--serialize-diagnostics'

Any pointers to sites or documentation that will help me understand Clang and how to use it properly would be appreciated.

TIA
0
Comment actions Permalink

Got a response on this from the Clang mailing list:

Hello, Seamus. Clang does have support for this check, but it's disabled by default (possibly because of http://llvm.org/bugs/show_bug.cgi?id=8838 ).

To run the analyzer from the command line, see the instructions at http://clang-analyzer.llvm.org/scan-build.html . You can use "-enable-checker experimental.osx.cocoa.Dealloc" to see if it would have caught your problems.

So keep in mind at least one of the features supported by Clang is turned off. I noticed a couple other issues flagged by AppCode that are supposed to be flagged by Clang but are not. (Un-used ivars for example.)  My team and company had a false sense of security with XCode's static analysis feature and I'm digging through Clang's archives and bugzilla to determine exactly what features it provides that we can truely rely on.

Again, great job JetBrains!  AppCode's static analysis pays for the license, easily.

0

Please sign in to leave a comment.