scan-build fails when output directory contains a percent sign (%)

[yscialom]

Description

Whenever I'm in a directory whose fullpath contains the percent sign character (%, \x25), scan-build fails by reporting no bug.

Reproduction & Observed behaviour

$ mkdir -p /tmp/scan-build-bug/path_with_%_in_it
$ cd /tmp/scan-build-bug/path_with_%_in_it
$ echo 'void f() { auto a = new int; delete a; *a = 0; }' > bug.cpp
$ scan-build -o . make bug.o
scan-build: Using '/usr/bin/clang' for static analysis
/usr/libexec/clang-analyzer/scan-build/c++-analyzer    -c -o bug.o bug.cpp
bug.cpp:1:43: warning: Use of memory after it is freed
void f() { auto a = new int; delete a; *a = 0; }
                                       ~~ ^
warning: could not create file in '/tmp/scan-build-bug/path_with_%_in_it/2019-09-04-123616-2401-1': No such file or directory
1 warning generated.
scan-build: Removing directory '/tmp/scan-build-bug/path_with_%_in_it/2019-09-04-123616-2401-1' because it contains no reports.
scan-build: No bugs found.

Expected behaviour

$ mkdir -p /tmp/scan-build-bug/nominal
$ cd /tmp/scan-build-bug/nominal
$ echo 'void f() { auto a = new int; delete a; *a = 0; }' > bug.cpp
$ scan-build -o . make bug.o
scan-build: Using '/usr/bin/clang' for static analysis
/usr/libexec/clang-analyzer/scan-build/c++-analyzer    -c -o bug.o bug.cpp
bug.cpp:1:43: warning: Use of memory after it is freed
void f() { auto a = new int; delete a; *a = 0; }
                                       ~~ ^
1 warning generated.
scan-build: 1 bugs found.
scan-build: Run 'scan-view /tmp/scan-build-bug/nominal/2019-09-04-123649-2667-1' to examine bug reports.

Why it matters: it could ending up failing jobs silently

Well, % has no special meaning in filesystems I know. I personally use it to urlencode my jenkins jobs pathes (e.g. <root>/<project_name>/<branch>/<job_id> --> "$JENKINS_HOME/My+Awesome+Project/feature%2Fspit-fire/42"). The thing is, I run scan-build cmake before running scan-build make -o /some/proper/path. On that first run, scan-build fails silently as no bugs are expected, and for some reason it makes the second run fail.

I could work around it by using another scheme than urlencode, or adding a -o $(mktemp -d) for the first run, but come on!

Technical details

Tested on:

• Centos 7.6 : uname -a: Linux ysc-dev-01 3.10.0-957.12.1.el7.x86_64 #1 SMP Mon Apr 29 14:59:59 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux shell: zsh ** version: 3.4.2-9, installed from RPM

• Red Hat 7.? uname -a: Linux --censored-- 3.10.0-957.27.2.el7.x86_64 #1 SMP Tue Jul 9 16:53:14 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux shell: bash ** version: 3.4.2-9, installed from RPM

[yscialom]

In fact this is even worse, scan-build ... cmake doesn't work at all if the path contains a %, no workaround found:

$ mkdir -p /tmp/scan-build-bug/cmake-with%
$ cd /tmp/scan-build-bug/cmake-with%
$ echo -e 'cmake_minimum_required (VERSION 3.1)\nproject(HELLO)\nadd_library(hello bug.cpp)' > CMakeLists.txt'
$ echo 'void f() { auto a = new int; delete a; *a = 0; }' > bug.cpp
$ scan-build -o $(mktemp -d) cmake3 .
scan-build: Using '/usr/bin/clang' for static analysis
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/scan-build-bug/cmake-with%
scan-build: Removing directory '/tmp/tmp.o99DJj0TEI/2019-09-04-144135-6851-1' because it contains no reports.
scan-build: No bugs found.
$ scan-build -o $(mktemp -d) make .  
scan-build: Using '/usr/bin/clang' for static analysis
scan-build: Removing directory '/tmp/tmp.HvpdLKhP37/2019-09-04-144140-6919-1' because it contains no reports.
scan-build: No bugs found.
$ ls bug*
buf.cpp

bug.o and libhello.a havn't been built!

[rizsotto]

Hi @yscialom , thanks for the report. Interesting bug. Will look at it on the weekend.

As a workaround I would suggest not to use percent sign in the output directory. ;)

[rizsotto]

I did an investigation, and I've found that the line

warning: could not create file in '...': No such file or directory

is emited by Clang, not the scan-build. Which means, I can't really fix it. I would recommend to open a bug on Clang for this. And as a workaround, try to use another separator than %.

[yscialom]

This does not explain why scan-build cmake .. fails silently then.

[rizsotto]

I think, it's still possible that scan-build cmake .. is fine.

• I don't know what compiler your project is using. But if it's using gcc during the build (and the cmake run), that does not suffer from this bug.
• And if you are using Clang, it has multiple modes. I saw that the "static-analyzer" mode fails if the % is in the output name. There is a high chance that the "compile" or the "link" mode does not have problem with the percent sign in the output.

[rizsotto]

https://clang.llvm.org/doxygen/HTMLDiagnostics_8cpp_source.html#l00230 calls llvm::sys::fs::createUniqueFile which https://llvm.org/doxygen/Path_8cpp_source.html#l00741 substitues % characters in the whole path.

They should do it only on the filename, and not on the full path.