Difference between revisions of "Static code analysis"
(mention testing criu by coverity) |
(clang fixes) |
||
| Line 39: | Line 39: | ||
| − | === | + | === Clang === |
| + | |||
| + | * source code of [http://criu.org/Main_Page CRIU] was checked clang static analyzer: | ||
| + | [https://github.com/xemul/criu/commit/3ea2fd78ebe21a9dc2f8d64498f3894d4cc310a8 3ea2fd78ebe21], | ||
| + | [https://github.com/xemul/criu/commit/e2a0be63d4b8e1e032494f78fffb7f2c493b793c e2a0be63d4b8e], | ||
| + | [https://github.com/xemul/criu/commit/a6c5953a80d2498b322c4c61ac5a4a52b7a76ee4 a6c5953a80d24], | ||
| + | [https://github.com/xemul/criu/commit/f54f9f0efa8cd6ce14e66e7935bd2625b6f249ad f54f9f0efa8cd], | ||
| + | [https://github.com/xemul/criu/commit/f238d56661dae6d555cae249fdf58864268c267d f238d56661dae], | ||
| + | [https://github.com/xemul/criu/commit/fcfd705d39b10da4a01227bc0cba75ab2dbab4b3 fcfd705d39b10], | ||
| + | [https://github.com/xemul/criu/commit/6ce8d8ab9309f31340edd1e1f5dfc5a6a23759e5 6ce8d8ab9309f] | ||
| − | |||
Revision as of 13:25, 15 May 2015
Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great, because it can find bugs that are really hard to trigger.
Contents
Tools used to static analysis of OpenVZ components
There are a number of tools which analyze C code and try to detect typical errors. None of these tools is perfect, so using different tools with OpenVZ components will detect more bugs. Be prepared to also get lots of false warnings!
cppcheck
Cppcheck is a static analysis tool for C/C++ code. Unlike C/C++ compilers and many other analysis tools it does not detect syntax errors in the code. Cppcheck primarily detects the types of bugs that the compilers normally do not detect. The goal is to detect only real errors in the code (i.e. have zero false positives).
Some OpenVZ bugs were found using cppcheck: #1309, #1308, #1307, #1306.
Coverity
- vzquota was submitted as project to Coverity services. There are no known bugs found by Coverity in vzquota though.
- source code of vzctl was submitted to Coverity too. There are amount of issues were found and fixed with their help: b2f9c254447,
138b341a23a, 337f712eac4, dfd699a3a52, 767289a2eb0, 1b01bb34a9e, eebe2c1201a, 09f30856fb4, 54cbc8ae07a and many others.
- CRIU was checked by Coverity too. We have found number of bugs with it: 08cdae901b56, 2b8f61393e0b, 4f9e509c1597,
8d11952f6bc4, 5e82fba10ed4, 1e919423a845, 1e0e83701f44
Clang
- source code of CRIU was checked clang static analyzer:
3ea2fd78ebe21, e2a0be63d4b8e, a6c5953a80d24, f54f9f0efa8cd, f238d56661dae, fcfd705d39b10, 6ce8d8ab9309f
