Comments on emacs dump: Analyzing Samba with PVS-Studio on Linux

aaptel (2016-03-23T06:05:00.928-07:00):

>What version of Samba have you analyzed? Git revision?

commit feac8bf I believe.

>The compiler hasn't reported any warnings even with -Wextra or similar? What compiler (and version) have you used? The svn trunk versions of gcc-6 and clang are getting even more strict.

I usually work on a small subset of the project and recompile only those files (and I pay attention there). The waf build script enables very specific warnings (no includes-all flags like -Wextra). I believe GCC6 found an indent error recently (https://lists.samba.org/archive/samba-technical/2016-March/112626.html). I personally use whatever GCC version is available on my work machine, which happens to be 4.8.3 at the moment.

>cppcheck and clang static analyzer haven't warned about these issues?

I haven't tried cppcheck. I believe someone on the team already runs the clang analyser before on the codebase.

>gcc's and clang's ubsan haven't reported undefined behavior?

I just took a look when we have a developer option on the build script to enable the address sanitizer but that's it. I will look into adding support for the rest of UBSan, thanks for the hint!

>coverity hasn't found these bugs?

I believe the project is already coverity-checked. These bugs might have been caught but ignored/missed or simply went undetected.

>How many real bugs have been found at all? For 2 million code lines it looks like very very few.

I still haven't worked through all the reports. The remaining level-1 warnings require more analyzing. But so far a dozen and mostly on code that is not that used or poorly tested (we have an extensive test suite for the most critical code paths).

>Have you submitted these fixes already?

Yes, all the issues mentioned in this post have been fixed. Every patch is sent to the samba-technical mailing list (https://lists.samba.org/archive/samba-technical/) where it has to be reviewed by 2 other core members to get merged. It's a slow process so I try to only submit actual fixes and with good explanations to not waste time. That means I usually avoid small possible cleanups found via PVS related warnings.

I should add that PVS-Studio found several issues that are more complex to explain (or sensible) or harder to make sure they are actual issues, or harder to fix so I haven't mentioned them. Finally I have only looked at the level 1 report which is already pretty huge.

Anonymous (2016-03-22T14:33:04.934-07:00):

Thanks for your efforts! Great you could run the tool on GNU/Linux.

Now I have a couple of questions:
* What version of Samba have you analyzed? Git revision?
* The compiler hasn't reported any warnings even with -Wextra or similar? What compiler (and version) have you used? The svn trunk versions of gcc-6 and clang are getting even more strict.
* cppcheck and clang static analyzer haven't warned about these issues?
* gcc's and clang's ubsan haven't reported undefined behavior?
* coverity hasn't found these bugs?
* How many real bugs have been found at all? For 2 million code lines it looks like very very few.
* Have you submitted these fixes already?

Regards,
Andrey