Static code analysis available

Mark Kretschmann kretschmann at kde.org
Thu Jun 27 15:03:55 UTC 2013


Hi all,

we now have static code analysis available from two different tools.
Both of the tool chains are not yet automated, i.e. not integrated
with the CI and updated automatically, but they currently depend on
manual uploading of Amarok source tree snapshots.

The first tool is clang-analyzer, which proved to be surprisingly
effective. Note the very nice visualizations of the chain of logic
leading to each defect. You can access the results of a preliminary
scan here:

http://dev.hades.name/scanview/amarok/

Regarding quality of the analysis, there is one glaring issue with
Q_ASSERT, which leads to a great number of false positives. To get rid
of these it seems we would have to use a patched version of the macro,
as detailed here:
http://clang-analyzer.llvm.org/annotations.html#custom_assertions

Then we also have access to Coverity, which is a popular commercial
tool offering free scans for open source projects. To get access,
create an account on the following site, and then simply click "Add
Project", and then "Amarok":

http://scan.coverity.com/

--
Mark Kretschmann
Amarok Developer
Fellow of the Free Software Foundation Europe
http://amarok.kde.org - http://fsfe.org
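
The patched-macro approach mentioned above for the Q_ASSERT false positives, as an added example that is not part of the original message or of Amarok's code. `DEMO_ASSERT`, `demo_assert_fail`, `g_assertFailures` and `Track` are hypothetical stand-ins for the real macro and its failure handler; the `analyzer_noreturn` attribute is the one documented on the linked clang-analyzer page.

```cpp
#include <cstddef>
#include <cstdio>

// Attribute detection as documented for clang-analyzer; expands to nothing elsewhere.
#ifndef __has_feature
#  define __has_feature(x) 0
#endif
#if __has_feature(attribute_analyzer_noreturn)
#  define CLANG_ANALYZER_NORETURN __attribute__((analyzer_noreturn))
#else
#  define CLANG_ANALYZER_NORETURN
#endif

static int g_assertFailures = 0;  // lets callers observe that the handler ran

// Hypothetical failure handler. It can return at run time (it only logs here),
// so it is not a true noreturn function; the annotation just tells the analyzer
// to stop exploring any path that reaches it.
void demo_assert_fail(const char *expr, const char *file, int line) CLANG_ANALYZER_NORETURN;

void demo_assert_fail(const char *expr, const char *file, int line)
{
    ++g_assertFailures;
    std::fprintf(stderr, "ASSERT: \"%s\" in %s:%d\n", expr, file, line);
}

// Hypothetical stand-in for a patched assertion macro.
#define DEMO_ASSERT(cond) ((cond) ? (void)0 : demo_assert_fail(#cond, __FILE__, __LINE__))

struct Track { const char *title; int lengthMs; };  // constructed sample type

int trackSeconds(const Track *t)
{
    // The null check makes the analyzer consider a path where t == NULL.
    const char *title = t ? t->title : "(none)";
    DEMO_ASSERT(t != NULL);
    // Unannotated, the analyzer carries the t == NULL path past the assertion
    // and flags the dereference below; annotated, that path ends in the handler.
    std::printf("%s\n", title);
    return t->lengthMs / 1000;
}

int main()
{
    Track t = { "Constructed sample", 215000 };
    return trackSeconds(&t) == 215 ? 0 : 1;
}
```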

