I have been tinkering with CLANG's static analyzer lately. This post summarizes how I installed LLVM and CLANG and performed the analysis of a build of the PHP interpreter.

First, we need to obtain the CLANG and LLVM source trees and build CLANG:

cd /usr/local/src
mkdir clang
cd clang
svn co http://llvm.org/svn/llvm-project/llvm/trunk llvm
cd llvm/tools
svn co http://llvm.org/svn/llvm-project/cfe/trunk clang
cd ../../
mkdir build
cd build
../llvm/configure --enable-optimized --disable-assertions
make

Then we need to add the directories that contain clang, ccc-analyzer, and scan-build to our $PATH:

export PATH=/usr/local/src/clang/build/Release/bin:/usr/local/src/clang/llvm/tools/clang/tools/scan-build:$PATH

Now we can analyze the C code of PHP while compiling it using CLANG:

cd /usr/local/src/php/5.4

export CC="ccc-analyzer"
export CXX="ccc-analyzer"

scan-build ./configure
scan-build make

Once the build completes there will be a report directory with HTML files (about 1.5 GB of them) in /tmp.