Static source code analysis of openttd
Posted: 29 Jan 2014 09:23
by lbalbalba
Hi,
Just for fun, I ran the llvm/clang static source code analyzer on openttd (svn trunk r26281).
For those interested, the results can be found here:
http://clang-scans.rhcloud.com/openttd/
Re: Static source code analysis of openttd
Posted: 29 Jan 2014 11:46
by Alberth
Nice.
Now please filter out the false positives.
For example
http://clang-scans.rhcloud.com/openttd/ ... ml#EndPath
step 1 and step 2 have the same variable, and the same end condition, so either both end conditions are false or they are both true.
Re: Static source code analysis of openttd
Posted: 29 Jan 2014 12:45
by lbalbalba
You are quite right: automated static analysis of source code is not perfect, and will always report false positives as well as uncover real bugs. Unfortunately, there is no other way to determine what the real bugs are and what the false positives are, than to manually inspect the individual reports. Developers that are familiar with the code base that is analyzed are likely to find this easier than those that are not.
So feel free to either inspect or ignore the reports. I know that manual inspection is a lot of hard work, and may not be very rewarding either. Thank you for taking the time to investigate at least one of those reports.
I just found it unlikely that all 87 reports are false positives, so I decided to share the results.
Re: Static source code analysis of openttd
Posted: 29 Jan 2014 18:20
by Eddi
I had a quick glance at the "Unix API Undefined allocation of 0 bytes (CERT MEM04-C; CWE-131) newgrf.cpp" one, and comparing with the other functions in alloc_func.hpp, that's probably valid.
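The class of finding named in the post above (allocation of 0 bytes, CERT MEM04-C / CWE-131), as an added example that is not part of the original thread and is not OpenTTD's code. The helpers `alloc_unguarded`, `alloc_guarded` and `copy_values` are hypothetical names written for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>

// Hypothetical typed allocation helpers, written for this example only.

// Unguarded: when n == 0 this calls malloc(0), whose result is
// implementation-defined (a null pointer, or a unique pointer that must
// not be dereferenced). This is the pattern the analyzer reports.
template <typename T>
T *alloc_unguarded(std::size_t n)
{
	return static_cast<T *>(std::malloc(n * sizeof(T)));
}

// Guarded: zero elements always yields nullptr on every platform, and the
// size multiplication is checked for overflow before malloc is called.
template <typename T>
T *alloc_guarded(std::size_t n)
{
	if (n == 0) return nullptr;
	if (n > SIZE_MAX / sizeof(T)) return nullptr;
	return static_cast<T *>(std::malloc(n * sizeof(T)));
}

// Constructed caller: copies `count` values, where count may be 0.
// Returns the number of elements stored, or -1 on allocation failure.
long copy_values(const int *src, std::size_t count, int **out)
{
	*out = alloc_guarded<int>(count);
	if (*out == nullptr) return count == 0 ? 0 : -1;
	for (std::size_t i = 0; i < count; i++) (*out)[i] = src[i];
	return static_cast<long>(count);
}

int main()
{
	const int data[] = {1, 2, 3};  // constructed sample input
	int *buf = nullptr;
	long n = copy_values(data, 3, &buf);
	std::free(buf);
	return n == 3 ? 0 : 1;
}
```

With the guarded helper, a caller can tell "nothing to allocate" apart from "allocation failed" without depending on what the platform's `malloc(0)` returns.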
Re: Static source code analysis of openttd
Posted: 30 Jan 2014 00:01
by lbalbalba
Thanks for looking at that one, and providing the patch.