Changes

Jump to: navigation, search

Static code analysis

1,237 bytes added, 15:46, 9 April 2015
Describe used static analysis tools
{{Stub}}

Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger.

== Tools used to static analysis of OpenVZ components ==

There are a number of tools which analyze C code and try to detect typical errors.
None of these tools is perfect, so using different tools with OpenVZ components
will detect more bugs. Be prepared to also get lots of false warnings!

=== cppcheck ===

Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers
and many other analysis tools it does not detect syntax errors in the code.
Cppcheck primarily detects the types of bugs that the compilers normally do not detect.
The goal is to detect only real errors in the code (i.e. have zero false positives).

Some OpenVZ bugs were found using cppcheck: {{B|1309}}, {{B|1308}}, {{B|1307}}, {{B|1306}}.

=== Coverity ===

vzquota https://scan.coverity.com/projects/457


== Static analysis tools ==

* [http://clang.llvm.org/ Clang Static Analyzer]
* [http://coccinelle.lip6.fr/ Coccinelle]
* [http://repo.or.cz/w/smatch.git smatch]
* [http://saturn.stanford.edu/ Saturn]
* [http://www.dwheeler.com/flawfinder/ Flawfinder]

Navigation menu