Hi,
Just for fun, I ran the llvm/clang static source code analyzer on openttd (svn trunk r26281).
For those interested, the results can be found here: http://clang-scans.rhcloud.com/openttd/
Static source code analysis of openttd
Moderator: OpenTTD Developers
Re: Static source code analysis of openttd
Nice.
Now please filter out the false positives.
For example
http://clang-scans.rhcloud.com/openttd/ ... ml#EndPath
step 1 and step 2 have the same variable, and the same end condition, so either both end conditions are false or they are both true.
Now please filter out the false positives.
For example
http://clang-scans.rhcloud.com/openttd/ ... ml#EndPath
step 1 and step 2 have the same variable, and the same end condition, so either both end conditions are false or they are both true.
Re: Static source code analysis of openttd
You are quite right: automated static analysis of source code is not perfect, and will always report false positives as well as uncover real bugs. Unfortunately, there is no other way to determine what the real bugs are and what the false positives are, than to manually inspect the individual reports. Developers that are familiar with the code base that is analyzed are likely to find this easier than those that are not.
So feel free to either inspect or ignore the reports. I know that manual inspection is a lot of hard work, and may not be very rewarding either. Thank you for taking the time to investigate at least one of those reports.
I just found it unlikely that all 87 reports are false positives, so I decided to share the results.
So feel free to either inspect or ignore the reports. I know that manual inspection is a lot of hard work, and may not be very rewarding either. Thank you for taking the time to investigate at least one of those reports.
I just found it unlikely that all 87 reports are false positives, so I decided to share the results.
Re: Static source code analysis of openttd
i had a quick glance at the "Unix API Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131) newgrf.cpp" one, and comparing with the other functions in alloc_func.hpp, that's probably valid
- Attachments
-
- alloc_0.diff
- (untested)
- (530 Bytes) Downloaded 105 times
Re: Static source code analysis of openttd
Thanks for looking at that one, and providing the patch.
Who is online
Users browsing this forum: No registered users and 15 guests