Static source code analysis of openttd

[lbalbalba]

Hi,

Just for fun, I ran the llvm/clang static source code analyzer on openttd (svn trunk r26281).

For those interested, the results can be found here: http://clang-scans.rhcloud.com/openttd/

[Alberth]

Nice.
Now please filter out the false positives.


For example

http://clang-scans.rhcloud.com/openttd/ ... ml#EndPath

step 1 and step 2 have the same variable, and the same end condition, so either both end conditions are false or they are both true.

[lbalbalba]

You are quite right: automated static analysis of source code is not perfect, and will always report false positives as well as uncover real bugs. Unfortunately, there is no other way to determine what the real bugs are and what the false positives are, than to manually inspect the individual reports. Developers that are familiar with the code base that is analyzed are likely to find this easier than those that are not.

So feel free to either inspect or ignore the reports. I know that manual inspection is a lot of hard work, and may not be very rewarding either. Thank you for taking the time to investigate at least one of those reports.

I just found it unlikely that all 87 reports are false positives, so I decided to share the results.

[Eddi]

i had a quick glance at the "Unix API Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131) newgrf.cpp" one, and comparing with the other functions in alloc_func.hpp, that's probably valid

[lbalbalba]

Thanks for looking at that one, and providing the patch.