Xcode Static Analyzer

RSS for tag

The Xcode Clang Static Analyzer finds bugs in Objective-C, C, and C++ code. It finds hard-to-produce, edge-case bugs without the need to run code and shows the sequence of steps along which the bug occurs.

Clang Static Analyzer Documentation

Posts under Xcode Static Analyzer tag

12 Posts
Sort by:
Post not yet marked as solved
1 Replies
263 Views
Dear Apple Developer Forum Community, I hope this message finds you well. I am writing to seek assistance regarding an error I encountered while attempting to create a "Swift Basics " application using Xcode. Upon launching Xcode and starting a new project, I followed the standard procedure "/Users/zipzygames/Desktop/Swift Basics/Swift Basics/Assets.xcassets:./AppIcon.solidimagestack The last visionOS App Icon Layer with content, "Back", must exactly fill the image stack. Its current frame is {{0, 0}, {515.5, 640}} while the visionOS App Icon's size is {512, 512}. " I have attempted to troubleshoot the issue by adding the 32 pixels and less 512 * 512 , but unfortunately, I have been unsuccessful in resolving it. I am reaching out to the community in the hope that someone might have encountered a similar issue or have expertise in troubleshooting Xcode errors. Any guidance, suggestions, or solutions would be greatly appreciated. Thank you very much for your time and assistance. Sincerely, Zipzy games
Posted Last updated
.
Post not yet marked as solved
1 Replies
927 Views
I received the MOBSF security check result PDF, where I found some "High" severity issues. 1.Binary makes use of insecure API(s) with high CWE: CWE-676: Use of Potentially Dangerous Function OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8. The binary may contain the following insecure API(s): _sscanf, _memcpy, _fopen. 2.Binary makes use of the malloc function with high CWE: CWE-789: Uncontrolled Memory Allocation OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8. The binary may use the _malloc function instead of calloc. I have utilized a static analyzer, but I am unable to identify the APIs such as _sscanf and others in my codebase. This issue is not being shown in Xcode IDE either. I have attempted static analysis in Xcode using the approach: Product -> Analyze, but I am still unable to identify the mentioned issues. Can anyone please help me overcome this scenario and successfully pass the MOBSF test? Thanks in Advance
Posted Last updated
.
Post not yet marked as solved
0 Replies
410 Views
I got MOBSF security check result pdf where i found some "High" - SEVERITY issues Binary makes use of insecure API(s) high CWE: CWE-676: Use of Potentially Dangerous Function OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8 The binary may contain the following insecure API(s) _sscanf , _memcpy , _fopen Binary makes use of malloc function high CWE: CWE-789: Uncontrolled Memory Allocation OWASP Top 10: M7: Client Code Quality OWASP MASVS: MSTG-CODE-8 The binary may use _malloc function instead of calloc Anyone who knows about it, please comment it out. Your input would be appreciated. Thanks in Advance
Posted Last updated
.
Post not yet marked as solved
1 Replies
332 Views
hey, im new to C/C++ development in Mac im trying to build a test project, im facing a project thta i can't fix. when i tried to build my project, i get this error ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation)
Posted
by elyhanna1.
Last updated
.
Post not yet marked as solved
0 Replies
377 Views
Hi, O ma trying to complile the netcdf-cxx4-4.3.1 on my Monterey. I have the error message as follows: g++ -DHAVE_CONFIG_H -I. -I.. -g -O2 -MT ncAtt.lo -MD -MP -MF .deps/ncAtt.Tpo -c ncAtt.cpp -fno-common -DPIC -o .libs/ncAtt.o In file included from ncAtt.cpp:1: In file included from ./ncAtt.h:1: In file included from ./ncType.h:1: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/string:519: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/__debug:21: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef:37: ../version:1:1: error: expected external declaration -n 4.3.1 What is it? Xcode Version 1: 3.4.1 (13F100) clang version: 13.1.6 (clang-1316.0.21.2.5)
Posted Last updated
.
Post not yet marked as solved
0 Replies
353 Views
Hi, I am trying to compile the netcdf-cxx4-4.3.1 on my Monterey. I have the error message as follows: g++ -DHAVE_CONFIG_H -I. -I.. -g -O2 -MT ncAtt.lo -MD -MP -MF .deps/ncAtt.Tpo -c ncAtt.cpp -fno-common -DPIC -o .libs/ncAtt.o In file included from ncAtt.cpp:1: In file included from ./ncAtt.h:1: In file included from ./ncType.h:1: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/string:519: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/__debug:21: In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/c++/v1/cstddef:37: ../version:1:1: error: expected external declaration -n 4.3.1 What is it? Xcode Version 1: 3.4.1 (13F100) clang version: 13.1.6 (clang-1316.0.21.2.5)
Posted Last updated
.
Post not yet marked as solved
2 Replies
601 Views
When viewing issues in the Issues Navigator, one can type text in the Filter field which seems to be interpreted as a file name pattern. The blue popup to the left also has pre-created options for “Issue Kind” and “≠Depreciation.” Is there documentation for how to create similar negative filters? I’m building a fork of LLVM, and would like to ignore some large classes of issues in the upstream code, e.g. implicit conversions. The local help for the Navigator Area, https://developer.apple.com/documentation/xcode/diagnosing-memory-thread-and-crash-issues-early, and https://developer.apple.com/documentation/xcode/build-system doesn’t seem to have anything relevant. Searching for “"Issues Navigator"” (in quotation marks) in the Forums is badly broken; the results are largely irrelevant, and seem identical to searching without the quotation marks. Searching in the web documentation returns no results.
Posted Last updated
.
Post not yet marked as solved
1 Replies
1.3k Views
Does anyone know the relationship, if any, between Xcode's static analyzer and clang-tidy? I.e. is Xcode's Analyze feature actually invoking a built-in clang-tidy? If not, does anyone have any experience using upstream clang-tidy (homebrew?) with a mostly-Xcode development flow?
Posted
by endecotp.
Last updated
.
Post marked as solved
3 Replies
2.0k Views
This seems to be a pretty weird issue. I'm following along with a SpriteKit tutorial, and while I can build my project and run it on my phone, I keep getting this error in the IDE: Cannot load underlying module for SpriteKit It says it cannot load the module but that's weird because SpriteKit should be a native framework that must've been installed with my XCode. It is pretty annoying because XCode is not context-aware, and code completion doesn't work for any object that's derived from SpriteKit. Here's my system info: XCode version: Version 12.0 (12A7209) MacOS version: MacOS Catalina 10.15.7 (19H2) Is this a bug in XCode?
Posted Last updated
.