Using Clang Static Analyzer for iOS Projects: Setup, Common Issues, and Report Generation

Clang Static Analyzer is a static code scanning tool that analyzes C, C++ and Objective‑C programs. It is now integrated into Xcode and can be invoked with the shortcut command+shift+B , or run from the command line to produce HTML or XML reports suitable for CI integration such as Jenkins.

The default checkers cover several areas: Core Checkers, C++ Checkers, Dead Code Checkers, OS X Checkers, Security Checkers, and Unix Checkers.

Typical problems detected by the analyzer include:

Branch condition evaluates to garbage value

Dangerous variable‑length array (VLA) declaration

Dereference of null pointer

Dereference of undefined pointer value

Division by zero

Garbage return value

Stack address stored into global variable

Unix API issues

Assuming your iOS project is named PROJECT with scheme SCHEME , after installing Clang Static Analyzer locate the scan-build script and run the following command in the project directory:

$scan-build -k -v -v -o ./clangScanBuildReports xcodebuild -workspace PROJECT.xcworkspace -scheme SCHEME -configuration Debug -sdk iphonesimulator ARCHS=i386 VALID_ARCHS=i386

The generated reports are placed in the clangScanBuildReports folder; opening index.html displays the analysis results, as illustrated in the screenshots below.

For more details, click the "Read Original" link to visit the official Clang Static Analyzer website.