Difference between revisions of "Static code analysis"
(Add info about vzctl changes fixes problems found by Coverity) |
m |
||
(5 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | |||
− | |||
Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger. | Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger. | ||
Line 18: | Line 16: | ||
Some OpenVZ bugs were found using cppcheck: {{B|1309}}, {{B|1308}}, {{B|1307}}, {{B|1306}}. | Some OpenVZ bugs were found using cppcheck: {{B|1309}}, {{B|1308}}, {{B|1307}}, {{B|1306}}. | ||
+ | === Coverity === | ||
+ | |||
+ | * [https://scan.coverity.com/projects/457 vzquota] | ||
+ | * [https://scan.coverity.com/projects/354 vzctl] fixes [https://src.openvz.org/projects/OVZL/repos/vzctl/commits/b2f9c254447837b987288bd14b40216943f8fba0 b2f9c254447],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/138b341a23acdfad15667f35ddfa9bbd36603f2c 138b341a23a],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/337f712eac4a47d8e46e4f505a0a9dc9399573ca 337f712eac4],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/dfd699a3a525c60a06669a50d723a7680030ca40 dfd699a3a52],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/767289a2eb03533973e4c186362ee8dee03a8db8 767289a2eb0],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/1b01bb34a9e1effba8f8082ac4d809c30a560216 1b01bb34a9e],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/eebe2c1201aef6c57b7717203db6a85bcc98cdb2 eebe2c1201a],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/09f30856fb4784fe44fb8ae0ce20f8de960f263a 09f30856fb4],[https://src.openvz.org/projects/OVZL/repos/vzctl/commits/54cbc8ae07afa6610308a38511ee1940afbc9623 54cbc8ae07a] and many others. | ||
+ | * [https://scan.coverity.com/projects/4700 CRIU] fixes [https://github.com/xemul/criu/commit/08cdae901b566092370f03c23de83f544373e45b 08cdae901b56],[https://github.com/xemul/criu/commit/2b8f61393e0b99e36e292880f6b8da66317176a1 2b8f61393e0b],[https://github.com/xemul/criu/commit/4f9e509c1597d1782e953dc7a83acc4454b2b7ef 4f9e509c1597],[https://github.com/xemul/criu/commit/8d11952f6bc43cdd0a60d4cd8d62d180d4d50877 8d11952f6bc4],[https://github.com/xemul/criu/commit/5e82fba10ed4955385cf3183395a96d7f1121d24 5e82fba10ed4],[https://github.com/xemul/criu/commit/1e919423a845a16f41dc298bf11e20a3b29af4cf 1e919423a845],[https://github.com/xemul/criu/commit/1e0e83701f441852cccae40c97135884aff942b4 1e0e83701f44] | ||
+ | * [https://scan.coverity.com/projects/5649?tab=overview libvzctl] | ||
+ | * [https://scan.coverity.com/projects/383 ploop] | ||
− | === | + | === Clang === |
− | * [https:// | + | * source code of [http://criu.org/Main_Page CRIU] was checked clang static analyzer:[https://github.com/xemul/criu/commit/3ea2fd78ebe21a9dc2f8d64498f3894d4cc310a8 3ea2fd78ebe21],[https://github.com/xemul/criu/commit/e2a0be63d4b8e1e032494f78fffb7f2c493b793c e2a0be63d4b8e],[https://github.com/xemul/criu/commit/a6c5953a80d2498b322c4c61ac5a4a52b7a76ee4 a6c5953a80d24],[https://github.com/xemul/criu/commit/f54f9f0efa8cd6ce14e66e7935bd2625b6f249ad f54f9f0efa8cd],[https://github.com/xemul/criu/commit/f238d56661dae6d555cae249fdf58864268c267d f238d56661dae],[https://github.com/xemul/criu/commit/fcfd705d39b10da4a01227bc0cba75ab2dbab4b3 fcfd705d39b10],[https://github.com/xemul/criu/commit/6ce8d8ab9309f31340edd1e1f5dfc5a6a23759e5 6ce8d8ab9309f] |
− | + | === PVS-Studio === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | * [http://openvz.livejournal.com/50776.html Analyzing OpenVZ Components with PVS-Studio] | ||
== Static analysis tools == | == Static analysis tools == |
Latest revision as of 14:38, 23 July 2015
Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger.
Contents
Tools used to static analysis of OpenVZ components[edit]
There are a number of tools which analyze C code and try to detect typical errors. None of these tools is perfect, so using different tools with OpenVZ components will detect more bugs. Be prepared to also get lots of false warnings!
cppcheck[edit]
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
Some OpenVZ bugs were found using cppcheck: #1309, #1308, #1307, #1306.
Coverity[edit]
- vzquota
- vzctl fixes b2f9c254447,138b341a23a,337f712eac4,dfd699a3a52,767289a2eb0,1b01bb34a9e,eebe2c1201a,09f30856fb4,54cbc8ae07a and many others.
- CRIU fixes 08cdae901b56,2b8f61393e0b,4f9e509c1597,8d11952f6bc4,5e82fba10ed4,1e919423a845,1e0e83701f44
- libvzctl
- ploop
Clang[edit]
- source code of CRIU was checked clang static analyzer:3ea2fd78ebe21,e2a0be63d4b8e,a6c5953a80d24,f54f9f0efa8cd,f238d56661dae,fcfd705d39b10,6ce8d8ab9309f