C/C++静态分析工具指南：clang-tidy、cppcheck、scan-build配置与优化

static-analysis by mohitmishra786/low-level-dev-skills

281 周安装量

32 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/mohitmishra786/low-level-dev-skills --skill static-analysis

自动化代码质量 C++

🇨🇳中文介绍

静态分析

目的

指导代理如何为 C/C++ 项目选择、运行和筛选静态分析工具——包括 clang-tidy、cppcheck 和 scan-build——涵盖抑制策略和 CI 集成。

触发场景

"如何在我的项目上运行 clang-tidy？"
"我应该启用哪些 clang-tidy 检查项？"
"cppcheck 报告了误报——如何抑制它们？"
"如何设置 scan-build 进行更深入的分析？"
"我的构建过程中静态分析警告太多，很嘈杂"
"如何为 clang-tidy 生成 compile_commands.json？"

工作流程

1. 生成 compile_commands.json

clang-tidy 需要一个编译数据库：

# CMake (首选)
cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
ln -s build/compile_commands.json .

# Bear (用于基于 Make 的项目)
bear -- make

# compiledb (Make 的替代方案)
pip install compiledb
compiledb make

2. 运行 clang-tidy

# 单个文件
clang-tidy src/foo.c -- -std=c11 -I include/

# 通过 compile_commands.json 处理整个项目
run-clang-tidy -p build/ -j$(nproc)

# 启用特定检查项
clang-tidy -checks='bugprone-*,modernize-*,performance-*' src/foo.cpp

# 应用自动修复
clang-tidy -checks='modernize-use-nullptr' -fix src/foo.cpp

3. 检查类别决策树

目标？
├── 查找真实缺陷            → bugprone-*, clang-analyzer-*
├── 现代化 C++ 代码         → modernize-*
├── 遵循核心准则            → cppcoreguidelines-*
├── 捕获性能问题            → performance-*
├── 安全加固                → cert-*, hicpp-*
└── 可读性 / 风格           → readability-*, llvm-*

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

类别	关键检查项	捕获内容
`bugprone-*`	`use-after-move`, `integer-division`, `suspicious-memset-usage`	可能的缺陷
`modernize-*`	`use-nullptr`, `use-override`, `use-auto`	C++11/14/17 惯用法
`cppcoreguidelines-*`	`avoid-goto`, `pro-bounds-*`, `no-malloc`	C++ 核心准则
`performance-*`	`unnecessary-copy-initialization`, `avoid-endl`	性能退化
`clang-analyzer-*`	`core.`, `unix.`, `security.*`	路径敏感型缺陷
`cert-*`	`err34-c`, `str51-cpp`	CERT 编码标准

4. .clang-tidy 配置文件

# .clang-tidy — 放置在项目根目录
Checks: >
  bugprone-*,
  modernize-*,
  performance-*,
  -modernize-use-trailing-return-type,
  -bugprone-easily-swappable-parameters
WarningsAsErrors: 'bugprone-*,clang-analyzer-*'
HeaderFilterRegex: '^(src|include)/.*'
CheckOptions:
  - key: modernize-loop-convert.MinConfidence
    value: reasonable
  - key: readability-identifier-naming.VariableCase
    value: camelCase

// 抑制单行
int result = riskyOp(); // NOLINT(bugprone-signed-char-misuse)

// 抑制一个代码块
// NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers)
constexpr int BUFFER_SIZE = 4096;

// 抑制整个函数
[[clang::suppress("bugprone-*")]]
void legacy_code() { /* ... */ }

或者在 .clang-tidy 中：

# 排除第三方目录
HeaderFilterRegex: '^(src|include)/.*'
# 禁用特定检查项
Checks: '-bugprone-easily-swappable-parameters'

# 基本运行
cppcheck --enable=all --std=c11 src/

# 使用 compile_commands.json
cppcheck --project=build/compile_commands.json

# 包含特定检查并抑制噪音
cppcheck --enable=warning,performance,portability \
         --suppress=missingIncludeSystem \
         --suppress=unmatchedSuppression \
         --error-exitcode=1 \
         src/

# 为 CI 生成 XML 报告
cppcheck --xml --xml-version=2 src/ 2> cppcheck-report.xml

`--enable=` 值	检查内容
`warning`	未定义行为，不良实践
`performance`	冗余操作，低效模式
`portability`	不可移植的结构
`information`	配置和使用说明
`all`	以上所有内容

7. 使用 scan-build 进行路径敏感分析

# 拦截 Make 构建
scan-build make

# 拦截 CMake 构建
scan-build cmake --build build/

# 显示 HTML 报告
scan-view /tmp/scan-build-*/

# 使用特定检查器
scan-build -enable-checker security.insecureAPI.gets \
           -enable-checker alpha.unix.cstring.BufferOverlap \
           make

scan-build 能发现比 clang-tidy 更深层次的缺陷：跨函数的释放后使用、逻辑错误导致的死存储、复杂路径上的空指针解引用。

# GitHub Actions
- name: Static analysis
  run: |
    cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
    run-clang-tidy -p build -j$(nproc) -warnings-as-errors '*'

- name: cppcheck
  run: |
    cppcheck --enable=warning,performance \
             --suppress=missingIncludeSystem \
             --error-exitcode=1 \
             src/

有关 clang-tidy 检查项的详细信息，请参阅 references/clang-tidy-checks.md。

使用 skills/compilers/clang 获取 Clang 工具链和诊断标志
使用 skills/compilers/gcc 获取 GCC 警告作为补充分析
使用 skills/runtimes/sanitizers 进行运行时缺陷检测，与静态分析结合使用
使用 skills/build-systems/cmake 进行 CMAKE_EXPORT_COMPILE_COMMANDS 设置

🇺🇸English

Static Analysis

Purpose

Guide agents through selecting, running, and triaging static analysis tools for C/C++ — clang-tidy, cppcheck, and scan-build — including suppression strategies and CI integration.

Triggers

"How do I run clang-tidy on my project?"
"What clang-tidy checks should I enable?"
"cppcheck is reporting false positives — how do I suppress them?"
"How do I set up scan-build for deeper analysis?"
"My build is noisy with static analysis warnings"
"How do I generate compile_commands.json for clang-tidy?"

Workflow

1. Generate compile_commands.json

clang-tidy requires a compilation database:

# CMake (preferred)
cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
ln -s build/compile_commands.json .

# Bear (for Make-based projects)
bear -- make

# compiledb (alternative for Make)
pip install compiledb
compiledb make

2. Run clang-tidy

# Single file
clang-tidy src/foo.c -- -std=c11 -I include/

# Whole project via compile_commands.json
run-clang-tidy -p build/ -j$(nproc)

# With specific checks enabled
clang-tidy -checks='bugprone-*,modernize-*,performance-*' src/foo.cpp

# Apply auto-fixes
clang-tidy -checks='modernize-use-nullptr' -fix src/foo.cpp

3. Check category decision tree

Goal?
├── Find real bugs            → bugprone-*, clang-analyzer-*
├── Modernise C++ code        → modernize-*
├── Follow core guidelines    → cppcoreguidelines-*
├── Catch performance issues  → performance-*
├── Security hardening        → cert-*, hicpp-*
└── Readability / style       → readability-*, llvm-*

Category	Key checks	What it catches
`bugprone-*`	`use-after-move`, `integer-division`, `suspicious-memset-usage`	Likely bugs
`modernize-*`	`use-nullptr`, `use-override`, `use-auto`	C++11/14/17 idioms

4. .clang-tidy configuration file

# .clang-tidy — place at project root
Checks: >
  bugprone-*,
  modernize-*,
  performance-*,
  -modernize-use-trailing-return-type,
  -bugprone-easily-swappable-parameters
WarningsAsErrors: 'bugprone-*,clang-analyzer-*'
HeaderFilterRegex: '^(src|include)/.*'
CheckOptions:
  - key: modernize-loop-convert.MinConfidence
    value: reasonable
  - key: readability-identifier-naming.VariableCase
    value: camelCase

5. Suppress false positives

// Suppress a single line
int result = riskyOp(); // NOLINT(bugprone-signed-char-misuse)

// Suppress a block
// NOLINTNEXTLINE(cppcoreguidelines-avoid-magic-numbers)
constexpr int BUFFER_SIZE = 4096;

// Suppress whole function
[[clang::suppress("bugprone-*")]]
void legacy_code() { /* ... */ }

Or in .clang-tidy:

# Exclude third-party directories
HeaderFilterRegex: '^(src|include)/.*'
# Disable specific checks
Checks: '-bugprone-easily-swappable-parameters'

6. Run cppcheck

# Basic run
cppcheck --enable=all --std=c11 src/

# With compile_commands.json
cppcheck --project=build/compile_commands.json

# Include specific checks and suppress noise
cppcheck --enable=warning,performance,portability \
         --suppress=missingIncludeSystem \
         --suppress=unmatchedSuppression \
         --error-exitcode=1 \
         src/

# Generate XML report for CI
cppcheck --xml --xml-version=2 src/ 2> cppcheck-report.xml

`--enable=` value	What it checks
`warning`	Undefined behaviour, bad practices
`performance`	Redundant operations, inefficient patterns
`portability`	Non-portable constructs
`information`	Configuration and usage notes
`all`	Everything above

7. Path-sensitive analysis with scan-build

# Intercept a Make build
scan-build make

# Intercept CMake build
scan-build cmake --build build/

# Show HTML report
scan-view /tmp/scan-build-*/

# With specific checkers
scan-build -enable-checker security.insecureAPI.gets \
           -enable-checker alpha.unix.cstring.BufferOverlap \
           make

scan-build finds deeper bugs than clang-tidy: use-after-free across functions, dead stores from logic errors, null dereferences on complex paths.

8. CI integration

# GitHub Actions
- name: Static analysis
  run: |
    cmake -S . -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
    run-clang-tidy -p build -j$(nproc) -warnings-as-errors '*'

- name: cppcheck
  run: |
    cppcheck --enable=warning,performance \
             --suppress=missingIncludeSystem \
             --error-exitcode=1 \
             src/

For clang-tidy check details, see references/clang-tidy-checks.md.

Related skills

Use skills/compilers/clang for Clang toolchain and diagnostic flags
Use skills/compilers/gcc for GCC warnings as complementary analysis
Use skills/runtimes/sanitizers for runtime bug detection alongside static analysis
Use skills/build-systems/cmake for CMAKE_EXPORT_COMPILE_COMMANDS setup

Weekly Installs

281

Repository

mohitmishra786/…v-skills

GitHub Stars

First Seen

Feb 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

codex280

kimi-cli279

gemini-cli279

amp279

cline279

github-copilot279

通过 LiteLLM 代理让 Claude Code 对接 GitHub Copilot 运行 | 高级变通方案指南

22,200 周安装