PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Using CLANG/scan-build for Static Analysis of the PHP Interpreter

Note: This article was originally published at Planet PHP on 16 December 2011.
Planet PHP

I have been tinkering with CLANG's static analyzer lately. This post summarizes how I installed LLVM and CLANG and performed the analysis of a build of the PHP interpreter.

First, we need to obtain the CLANG and LLVM source trees and build CLANG:

cd /usr/local/src mkdir clang cd clang svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm cd llvm/tools svn co http://llvm.org/svn/llvm-project/cfe/trunk clang cd ../../ mkdir build cd build ../llvm/configure --enable-optimized --disable-assertions make

Then we need to add the directories that contain clang, ccc-analyzer, and scan-build to our $PATH:

export PATH=/usr/local/src/clang/build/Release/bin:/usr/local/src/clang/llvm/tools/clang/tools/scan-build:$PATH

Now we can analyze the C code of PHP while compiling it using CLANG:

cd /usr/local/src/php/5.4 export CC="ccc-analyzer" export CXX="ccc-analyzer" scan-build ./configure scan-build make

Once the build completes there will be a report directory with html files (about 1.5 GB of them) in /tmp.