Install, wire up MCP, and browse the rule catalog.
HyperAnalyzer ships as a Python package and requires Python 3.11 or newer.
pip install hyperanalyzer
libclang is bundled, so no separate Clang installation is required.
hyperanalyzer analyze src/loader.cpp
hyperanalyzer analyze --compile-db build/ src/
When a compile_commands.json is present, HyperAnalyzer honours the exact compile flags your build system uses so the AST and type info are identical to what your compiler sees.
HyperAnalyzer ships with an MCP server entry point. Add it to your Claude Code config:
{
  "mcpServers": {
    "hyperanalyzer": {
      "command": "hyperanalyzer-mcp",
      "args": []
    }
  }
}
From then on Claude can call the analyze_file, analyze_snippet, analyze_diff, list_rules and explain_finding tools as part of its normal edit loop.
19 rules · 9 shipping · 2 beta · 8 planned
Calling CreateThread, LoadLibrary, CoInitialize or any loader-lock-sensitive API inside DllMain can deadlock the loader lock at process load time.
Use _beginthreadex / _endthreadex so the CRT can initialise per-thread state. Raw CreateThread leaks CRT state and causes subtle heap corruption.
Extension of HA001. Loading a DLL inside another DLL's entry point recurses into the loader lock and deadlocks the process.
sizeof on a pointer returns the pointer width, not the buffer size. Classic under-copy bug LLMs produce when refactoring arrays into heap buffers.
(a - b) < c on unsigned types wraps around zero and silently becomes a huge value, producing logic bugs that compile cleanly and pass review.
Password, key or token buffers that are not memset_s / SecureZeroMemory'd on every return path leak through stack reuse and core dumps.
Allocation result used immediately without a null / nothrow check. Low-memory paths are exactly where LLMs skip defensive code.
Unbounded string APIs on any tainted source. Use snprintf / strncpy_s / std::format.
AES / HMAC / signing keys embedded as string or byte-array literals. Detected via entropy + call-site heuristic.
Typical refactoring leftover: a new assignment is added but the old one is not deleted. Dead stores hide real logic errors.
Unsigned compared with < 0, sizeof() compared with a negative. Dead branches that look defensive but never execute.
if (x = 10) { ... }: the classic single-equals bug. High precision, catches real refactoring slip-ups.
Fall-through without an explicit [[fallthrough]] attribute or comment. LLMs generate these when translating if/else chains.
Cheap win: emplace_back constructs in place. LLMs default to push_back because the training data predates C++11.
Source object is dead after the copy; a move would be free. Detected via libclang liveness on the enclosing block.
Reordering fields by descending size can shrink the struct by 20–40 % on 64-bit targets.
Multi-variable invariants guarded by a single atomic, a classic data race pattern. Suggests std::mutex or std::shared_mutex.
Manual resource acquisition without RAII. Suggests unique_ptr with custom deleter or a scope guard.
Regex + entropy detection on known key prefixes (AKIA, AIzaSy, sk_live_, ghp_, …). Language-agnostic.
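The regex-plus-entropy approach described in the last rule, as an added Python example (not HyperAnalyzer's own code). The prefixes come from the rule text; the tail pattern, the 3.0 bits-per-character threshold and the sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Prefixes named in the rule description. The tail length and character
# class are assumptions for this example, not HyperAnalyzer's patterns.
CANDIDATE = re.compile(r"\b(AKIA|AIzaSy|sk_live_|ghp_)([A-Za-z0-9_\-]{16,})")

MIN_ENTROPY = 3.0  # bits per character; assumed threshold


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_secrets(text: str) -> list[tuple[int, str, float]]:
    """Return (line_number, prefix, entropy) for each likely secret."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            h = shannon_entropy(m.group(2))
            # The prefix alone also matches placeholders such as
            # ghp_xxxx...; the entropy gate drops low-variety tails.
            if h >= MIN_ENTROPY:
                hits.append((lineno, m.group(1), round(h, 2)))
    return hits


# Constructed sample input; none of these values is a real credential.
SAMPLE = '''\
const char *token = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
const char *gh = "ghp_q7Zt2LmX9vKc4RbN1sWd8YfJ3hPa6UeG0oTi";
static const char aws_id[] = "AKIAQ7ZT2LMX9VKC4RBN";
// see AKIA docs for the key id format
'''

if __name__ == "__main__":
    for lineno, prefix, entropy in find_secrets(SAMPLE):
        print(f"line {lineno}: {prefix}... entropy={entropy}")
```

The placeholder on line 1 and the bare prefix in the comment on line 4 are not reported; only the two high-variety values on lines 2 and 3 are.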
Our rule roadmap is driven by the failure modes we see in real LLM-generated code. If Claude keeps writing the same bug class in your codebase, tell us: a well-documented failure case usually becomes a rule within a week.