Static code analysis available

Matěj Laitl matej at laitl.cz
Thu Jun 27 18:43:02 UTC 2013


On 27. 6. 2013 Mark Kretschmann wrote:
> Hi all,
> 
> we now have static code analysis available from two different tools.
> Both of the tool chains are not yet automated, i.e. not integrated
> with the CI and updated automatically, but they currently depend on
> manual uploading of Amarok source tree snapshots.
> 
> The first tool is clang-analyzer, which proved to be surprisingly
> effective. Note the very nice visualizations of the chain of logic
> leading to each defect. You can access the results of a preliminary
> scan here:
> 
> http://dev.hades.name/scanview/amarok/
> 
> Regarding quality of the analysis, there is one glaring issue with
> Q_ASSERT, which leads to a great number of false positives. To get rid
> of these it seems we would have to use a patched version of the macro,
> as detailed here:
> http://clang-analyzer.llvm.org/annotations.html#custom_assertions
> 
> Then we also have access to Coverity, which is a popular commercial
> tool offering free scans for open source projects. To get access,
> create an account on the following site, and then simply click "Add
> Project", and then "Amarok":
> 
> http://scan.coverity.com/

Good work, Markey and Edward, both reports seem to be quite useful and I've 
seen they discover real (potential) problems.

	Matěj
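
The clang-analyzer page linked in the quoted announcement handles custom assertions by marking the failure handler `analyzer_noreturn`, so the analyzer stops following the path on which the asserted condition is false. The block below is an added example of that annotation, not part of either message and not Qt or Amarok code; `EXAMPLE_ASSERT`, `exampleAssertFail` and `ExampleTrack` are hypothetical names.

```cpp
// Added example: every identifier starting with "example"/"EXAMPLE" is hypothetical.
#include <cstdio>

#ifndef __has_feature
#define __has_feature(x) 0  // compilers that lack __has_feature
#endif
#if __has_feature(attribute_analyzer_noreturn)
#define CLANG_ANALYZER_NORETURN __attribute__((analyzer_noreturn))
#else
#define CLANG_ANALYZER_NORETURN
#endif

static int g_failures = 0;

// The annotation sits on the declaration. It only affects static analysis:
// the analyzer treats a call as the end of the path, while the compiled
// function is still allowed to return.
void exampleAssertFail(const char *expr, const char *file, int line)
    CLANG_ANALYZER_NORETURN;

void exampleAssertFail(const char *expr, const char *file, int line)
{
    ++g_failures;
    std::fprintf(stderr, "ASSERT: \"%s\" in file %s, line %d\n", expr, file, line);
}

int exampleFailureCount() { return g_failures; }

#define EXAMPLE_ASSERT(cond) \
    ((cond) ? static_cast<void>(0) : exampleAssertFail(#cond, __FILE__, __LINE__))

struct ExampleTrack { int lengthSeconds; };

int exampleTrackLength(const ExampleTrack *track)
{
    // Without the annotation the analyzer also explores "track is null,
    // handler returned" and reports the dereference on the next line.
    EXAMPLE_ASSERT(track != nullptr);
    return track->lengthSeconds;
}

int main()
{
    ExampleTrack t = { 215 };  // constructed sample value
    std::printf("%d\n", exampleTrackLength(&t));
    return 0;
}
```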

