Skip to main content

Code Review Tool for Objective-C

Clang Static Analyzer

The Clang Static Analyzer is a source code analysis tool that finds bugs in C, C++, and Objective-C programs.
Currently it can be run either as a standalone tool or within Xcode. The standalone tool is invoked from the command line, and is intended to be run in tandem with a build of a codebase.
The analyzer is 100% open source and is part of the Clangproject. Like the rest of Clang, the analyzer is implemented as a C++ library that can be used by other tools and applications.

Download


Mac OS X


Other Platforms

For other platforms, please follow the instructions for building the analyzer from source code.
analyzer in xcode
Viewing static analyzer results in Xcode
analyzer in browser
Viewing static analyzer results in a web browser

What is Static Analysis?

The term "static analysis" is conflated, but here we use it to mean a collection of algorithms and techniques used to analyze source code in order to automatically find bugs. The idea is similar in spirit to compiler warnings (which can be useful for finding coding errors) but to take that idea a step further and find bugs that are traditionally found using run-time debugging techniques such as testing.
Static analysis bug-finding tools have evolved over the last several decades from basic syntactic checkers to those that find deep bugs by reasoning about the semantics of code. The goal of the Clang Static Analyzer is to provide a industrial-quality static analysis framework for analyzing C, C++, and Objective-C programs that is freely available, extensible, and has a high quality of implementation.

Part of Clang and LLVM

As its name implies, the Clang Static Analyzer is built on top of Clang and LLVM. Strictly speaking, the analyzer is part of Clang, as Clang consists of a set of reusable C++ libraries for building powerful source-level tools. The static analysis engine used by the Clang Static Analyzer is a Clang library, and has the capability to be reused in different contexts and by different clients.

Important Points to Consider

While we believe that the static analyzer is already very useful for finding bugs, we ask you to bear in mind a few points when using it.

Work-in-Progress

The analyzer is a continuous work-in-progress. There are many planned enhancements to improve both the precision and scope of its analysis algorithms as well as the kinds of bugs it will find. While there are fundamental limitations to what static analysis can do, we have a long way to go before hitting that wall.

Slower than Compilation

Operationally, using static analysis to automatically find deep program bugs is about trading CPU time for the hardening of code. Because of the deep analysis performed by state-of-the-art static analysis tools, static analysis can be much slower than compilation.
While the Clang Static Analyzer is being designed to be as fast and light-weight as possible, please do not expect it to be as fast as compiling a program (even with optimizations enabled). Some of the algorithms needed to find bugs require in the worst case exponential time.
The Clang Static Analyzer runs in a reasonable amount of time by both bounding the amount of checking work it will do as well as using clever algorithms to reduce the amount of work it must do to find bugs.

False Positives

Static analysis is not perfect. It can falsely flag bugs in a program where the code behaves correctly. Because some code checks require more analysis precision than others, the frequency of false positives can vary widely between different checks. Our long-term goal is to have the analyzer have a low false positive rate for most code on all checks.
Please help us in this endeavor by reporting false positives. False positives cannot be addressed unless we know about them.

More Checks

Static analysis is not magic; a static analyzer can only find bugs that it has been specifically engineered to find. If there are specific kinds of bugs you would like the Clang Static Analyzer to find, please feel free to file feature requests or contribute your own patches.

More Links :
http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis
http://oclint.org/
Labels:

Comments

  1. AnonymousAugust 21, 2015 at 4:02 AM

    Thanks Affity Solution. Sorry for the late reply

    ReplyDelete
  2. ICS Cyber SecurityJanuary 29, 2017 at 2:35 AM

    The idea is similar in spirit to compiler warnings but to take that idea a step further and find bugs that are traditionally found using run-time debugging techniques such as testing.
    ios code review tools

    ReplyDelete

Post a Comment

Popular posts from this blog

iOS9 iTune Upload Error : Invalid Bundle. iPad Multitasking support requires launch story board in bundle

1. Add the UIRequiresFullScreen key to your Xcode project’s Info.plist file and apply the Boolean value YES 2. This will fix one more issue that is coming at the time of iTune upload Invalid Bundle. iPad Multitasking support requires these orientations: 'UIInterfaceOrientationPortrait,UIInterfaceOrientationPortraitUpsideDown,UIInterfaceOrientationLandscapeLeft,UIInterfaceOrientationLandscapeRight'. If your application only using single orientation then use the above keyword in info.plist
1 comment
Read more

iOS Beta Builder

Download iOS Beta Builder 1.0 While I’ve been working on iOS for awhile, I don’t have a ton of experience with Cocoa proper – I’m sure there are probably some issues that slipped through the testing process. Screenshots:   How Does It Work? 1. Build your .ipa file using Xcode’s ‘Build and Archive’ option. Choose ‘Save to Disk’. 2. Launch BetaBuilder (or drag and drop the .ipa on to it). If you need to, select your .ipa file. The app should pre-fill the other details. 3. Enter your intended deployment URL. This is the URL on the Web where your beta will be posted / viewed in a browser. This info gets baked into the deployment file. 4. Hit ‘Generate Deployment Files’ and pick a location to output the files. That’s it – just upload the generated files to your Web server and then hit the URL in the device’s browser. BetaBuilder simply generates the HTML and manifest files needed to make wireless distribution work. As a convenience, it also bundles an iTunes installable
2 comments
Read more

AppCenter SDK integration error while running on device

While running the application on device and added AppCenter SDK. Analytics call showing below error. "An SSL error has occurred and a secure connection to the server cannot be made." Solution:  Add the below code in the info.plist file:      <key> NSAppTransportSecurity </key> <dict> <key> NSExceptionDomains </key> <dict> <key> *.appcenter.com </key> <dict> <key> NSExceptionMinimumTLSVersion </key> <string> TLSv1.2 </string> </dict> </dict> </dict> Your Plist file looks this after adding the above code: <?xml version= "1.0" encoding= "UTF-8" ?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" " http://www.apple.com/DTDs/PropertyList-1.0.dtd " > <plist version = "1.0" > <dict> <key> NSAppTransportSecurity </key> <dict> <key> NSExceptionDom
Post a Comment
Read more