source code static analyze with Clang "scan-build"...
caulier.gilles at gmail.com
Tue May 8 09:07:06 BST 2018
Now 3 reports are published by my BASH scripts located in project/reports :
All use the same configuration for the directories to ignore while
scanning : the ".krazy" file in the root directory.
This mailing list is CC'd automatically when a new report is online, with the
right URL to take a look.
- clang : this analyzer does not have an option to ignore directories. So I
parse everything, and I filter the output HTML file before publishing.
The task is hard to complete, especially updating the analysis statistics
accordingly. Currently that is not the case, and the statistics include dropped
items. I must code more and more in BASH to achieve complete filtering.
- krazy : I only scan with "extra" checks not published to EBN (
For this last one, I spent 3 weeks and 300 commits fixing all reports. The
extra checks are still under development and can generate false errors.
Take care...
- cppcheck : very verbose, probably about 'style' code analysis. It's just an
option to tune if the style reports are not suitable. Anyway, some reports are
interesting to investigate.
To conclude : now we have suitable reports to detect wrong coding done by
contributors such as students, or in patches.
2018-05-06 15:39 GMT+02:00 Gilles Caulier <caulier.gilles at gmail.com>:
> The URL has changed a little bit :
> We have now clang and cppcheck reports posted to digiKam.org...
> 2018-05-05 14:19 GMT+02:00 Gilles Caulier <caulier.gilles at gmail.com>:
>> Hi all,
>> My Clang static analyzer script is working well now. It publishes the
>> report automatically in the digiKam.org static area
>> url: https://www.digikam.org/report/
>> The content is currently an older one. I will run the script again soon
>> to update the content.
>> 2018-05-04 17:48 GMT+02:00 Gilles Caulier <caulier.gilles at gmail.com>:
>>> Hi all,
>>> You must know that we normally parse all source code with the Coverity Scan
>>> service and fix step by step the issues detected by the static analyzer.
>>> Since January, git/master cannot be processed by Coverity. The build is
>>> complete, but the report is never committed and is sent somewhere into
>>> /dev/null (:=)))...
>>> Coverity Scan service was acquired by a new company in 2018, and I
>>> suspect a side effect on committing the report to the remote server. I contacted
>>> the Coverity team, who responded that investigations are in progress,
>>> please wait.
>>> So, I finally tried to find a new solution to parse all source code week
>>> by week for review by another static analyzer. I tried the Clang one, and
>>> the reports are really excellent. I wrote a script in project/reports/, but
>>> it's not yet perfect.
>>> The first report that clang generated is really interesting. I shared the
>>> files (web pages) in this archive :
>>> Please take a look and feel free to apply patches if necessary.
>>> I will try to finalize the script during this weekend to be able to run
>>> the analyzer locally.
>>> Gilles Caulier
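
The statistics problem described in the message (dropped reports still being counted) can be avoided by recounting from the per-report pages after filtering. The following is an added example, not the script from digiKam's project/reports; it relies on the `<!-- BUGFILE ... -->` and `<!-- BUGTYPE ... -->` comments that scan-build writes into each report-*.html, and the function names, the ignore regex and the sample paths are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: drop scan-build reports for ignored paths, then recount.

# Print one metadata field (BUGFILE, BUGTYPE, ...) from a report page.
bug_field() {  # $1 = field name, $2 = report file
    sed -n "s/^<!-- $1 \(.*\) -->\$/\1/p" "$2" | head -n 1
}

# Move every report whose BUGFILE matches the ignore regex to dropped/.
# $1 = report directory, $2 = extended regex of ignored paths (assumed).
filter_reports() (
    mkdir -p "$1/dropped"
    for report in "$1"/report-*.html; do
        [ -e "$report" ] || continue
        if bug_field BUGFILE "$report" | grep -Eq -- "$2"; then
            mv -- "$report" "$1/dropped/"
        fi
    done
)

# Recount per bug type from the reports that remain, so the totals no
# longer include dropped items. Prints "count<TAB>type", then the total.
bug_stats() (
    for report in "$1"/report-*.html; do
        [ -e "$report" ] || continue
        bug_field BUGTYPE "$report"
    done | sort | uniq -c |
        awk '{ n = $1; $1 = ""; sub(/^ /, ""); printf "%d\t%s\n", n, $0; t += n }
             END { printf "%d\tTOTAL\n", t }'
)

# Constructed sample: four minimal report pages with made-up paths.
write_report() {  # $1 = report file, $2 = bug type, $3 = source path
    printf '<!-- BUGTYPE %s -->\n<!-- BUGFILE %s -->\n' "$2" "$3" > "$1"
}
make_sample() {  # $1 = empty directory to fill
    write_report "$1/report-a1.html" "Dead assignment" "/src/app/main.cpp"
    write_report "$1/report-b2.html" "Dead assignment" "/src/3rdparty/lib/x.c"
    write_report "$1/report-c3.html" "Null dereference" "/src/3rdparty/lib/y.c"
    write_report "$1/report-d4.html" "Memory leak" "/src/app/db.cpp"
}

# Demo: statistics before and after filtering out /3rdparty/.
demo=$(mktemp -d) && make_sample "$demo"
echo "before:"; bug_stats "$demo"
filter_reports "$demo" '/3rdparty/'
echo "after:"; bug_stats "$demo"
rm -rf "$demo"
```

The summary index.html that scan-build generates is not rewritten here; the recounted figures would have to replace its summary table before publishing.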