Static analysis

From LeechCraft
Jump to: navigation, search

This page describes running static analyzers over LeechCraft codebase.

clang's static-analyzer

Assuming a Linux build host and otherwise buildable LeechCraft:

cd path/to/leechcraft
mkdir -p build/clang-analyzer
cd build/clang-analyzer
export CCC_CC=/usr/bin/clang
export CCC_CXX=/usr/bin/clang++
cmake -DCMAKE_C_COMPILER=/usr/libexec/ccc-analyzer -DCMAKE_CXX_COMPILER=/usr/libexec/c++-analyzer -DUSE_CPP14=True -DUSE_QT5=True -DENABLE_AGGREGATOR_WEBACCESS=True -DENABLE_AZOTH_OTROID=True -DENABLE_AZOTH_SARIN=True -DENABLE_AZOTH_VELVETBIRD=True -DENABLE_LMP_JOS=True -DENABLE_LMP_MTPSYNC=True -DENABLE_LMP_POTORCHU=True -DENABLE_POSHUKU_QRD=True -DENABLE_QROSP=True -DENABLE_SNAILS=True -DENABLE_OTZERKALU=True -DUSE_LIBTIDY_HTML5=True ../../src
scan-build -maxloop 8 -enable-checker alpha.core.BoolAssignment -enable-checker alpha.core.CastSize -enable-checker alpha.core.DynamicTypeChecker -enable-checker alpha.core.FixedAddr -enable-checker alpha.core.IdenticalExpr -enable-checker alpha.core.PointerArithm -enable-checker alpha.core.PointerSub -enable-checker alpha.core.SizeofPtr -enable-checker alpha.core.TestAfterDivZero -enable-checker alpha.cplusplus.VirtualCall -enable-checker  alpha.deadcode.UnreachableCode -enable-checker alpha.security.ArrayBoundV2 -enable-checker alpha.security.MallocOverflow -enable-checker alpha.security.ReturnPtrRange -enable-checker alpha.unix.PthreadLock -enable-checker alpha.unix.Stream -enable-checker alpha.unix.cstring.BufferOverlap -enable-checker alpha.unix.cstring.NotNullTerminated -enable-checker alpha.unix.cstring.OutOfBounds -enable-checker nullability.NullableDereferenced -enable-checker optin.performance.Padding -enable-checker security.insecureAPI.rand -enable-checker security.insecureAPI.strcpy make -j12

Adjust your path to clang, clang++ and ccc-analyzer if necessary.

In the above cmake command, all the more or less buildable and maintained components are enabled.

cppcheck

It's pretty noisy, full of false positives and generally looks like it's regexp-based, but well.

cppcheck --suppress=noExplicitConstructor --enable=all -j 12 . 2> errorList.txt