Difference between revisions of "Static code analysis"
(clang fixes) |
(update hostname for repo) |
Line 21: | Line 21: | ||
* [https://scan.coverity.com/projects/457 vzquota] was submitted as project to Coverity services. There are no known bugs found by Coverity in vzquota though. | * [https://scan.coverity.com/projects/457 vzquota] was submitted as project to Coverity services. There are no known bugs found by Coverity in vzquota though. | ||
− | * source code of vzctl was submitted to Coverity too. There are amount of issues were found and fixed with their help: [https:// | + | * source code of vzctl was submitted to Coverity too. There are amount of issues were found and fixed with their help: [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/b2f9c254447837b987288bd14b40216943f8fba0 b2f9c254447], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/138b341a23acdfad15667f35ddfa9bbd36603f2c 138b341a23a], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/337f712eac4a47d8e46e4f505a0a9dc9399573ca 337f712eac4], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/dfd699a3a525c60a06669a50d723a7680030ca40 dfd699a3a52], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/767289a2eb03533973e4c186362ee8dee03a8db8 767289a2eb0], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/1b01bb34a9e1effba8f8082ac4d809c30a560216 1b01bb34a9e], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/eebe2c1201aef6c57b7717203db6a85bcc98cdb2 eebe2c1201a], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/09f30856fb4784fe44fb8ae0ce20f8de960f263a 09f30856fb4], |
− | [https:// | + | [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/54cbc8ae07afa6610308a38511ee1940afbc9623 54cbc8ae07a] |
and many others. | and many others. | ||
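Review bot: The rewritten vzctl bullet still carries the ungrammatical sentence "There are amount of issues were found and fixed with their help" into the new revision. Since that line is already being changed to point at src.openvz.org, reword it in the same edit, for example "A number of issues were found and fixed with their help". The unchanged vzquota line above it has the same kind of slip ("submitted as project") and could be fixed alongside.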
Revision as of 13:26, 15 May 2015
Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger.
Tools used for static analysis of OpenVZ components
There are a number of tools which analyze C code and try to detect typical errors. None of these tools is perfect, so using different tools with OpenVZ components will detect more bugs. Be prepared to also get lots of false warnings!
cppcheck
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
Some OpenVZ bugs were found using cppcheck: #1309, #1308, #1307, #1306.
Coverity
- vzquota was submitted as a project to Coverity services. Coverity has found no known bugs in vzquota, though.
- The source code of vzctl was submitted to Coverity too. A number of issues were found and fixed with their help: b2f9c254447, 138b341a23a, 337f712eac4, dfd699a3a52, 767289a2eb0, 1b01bb34a9e, eebe2c1201a, 09f30856fb4, 54cbc8ae07a and many others.
- CRIU was checked by Coverity too. We have found a number of bugs with it: 08cdae901b56, 2b8f61393e0b, 4f9e509c1597, 8d11952f6bc4, 5e82fba10ed4, 1e919423a845, 1e0e83701f44
Clang
- The source code of CRIU was checked with the clang static analyzer: 3ea2fd78ebe21, e2a0be63d4b8e, a6c5953a80d24, f54f9f0efa8cd, f238d56661dae, fcfd705d39b10, 6ce8d8ab9309f