y.a. static code analysis

y.a. static code analysis

[Serhat Şevki Dinçer]

[-- Attachment #1: Type: text/plain, Size: 1837 bytes --]

hi,
although static code analysis have apparently been used/mentioned
here, i did not see any mention of cppcheck
(http://cppcheck.wiki.sourceforge.net) in the mailist archive. i was
playing with cppcheck (1.32) on some OSS, so i decided to try it on
git (1.6.3.1) as well.
$ cppcheck -a -q -s . &> ccgit.txt
possibly the most useful parts of the output are:
$ grep -v 'is never used\|The scope of the variable\| Error: In' ccgit.txt
i think only the ones about date.c (below note) are real defects
(first chars are not checked).

and also how about http://scan.coverity.com? i see it was mentined
before (http://article.gmane.org/gmane.comp.version-control.git/111562)
with apparently no responses or arguments (there has been a suggestion
of bad license terms in that message, but if the scan is suitable for
so many FOSS (see all rungs) including the kernel, why would it be not
good for git?). i think it could be a good free (as in beer) code
check for git.
regards

note:
[./builtin-apply.c:482]: (error) Using 'name' after it is deallocated / released
[./compat/mingw.c:273]: (style) Found 'mktemp'. You should use 'mkstemp' instead
[./compat/mkdtemp.c:5]: (style) Found 'mktemp'. You should use 'mkstemp' instead
[./date.c:268]: (style) Redundant code: Found a statement that begins
with numeric constant
[./date.c:483]: (style) Redundant code: Found a statement that begins
with numeric constant
[./http-push.c:1419]: (error) Using 'lock' after it is deallocated / released
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:729]:
(all) Array index out of bounds
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:731]:
(all) Array index out of bounds
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:736]:
(all) Array index out of bounds
[./test-sha1.c:16]: (error) Memory leak: buffer

[-- Attachment #2: ccgit.txt --]
[-- Type: text/plain, Size: 8511 bytes --]

[./alloc.c:41]: (style) struct or union member 'any_object::object' is never used
[./alloc.c:42]: (style) struct or union member 'any_object::blob' is never used
[./alloc.c:43]: (style) struct or union member 'any_object::tree' is never used
[./alloc.c:44]: (style) struct or union member 'any_object::commit' is never used
[./alloc.c:45]: (style) struct or union member 'any_object::tag' is never used
[./archive-zip.c:31]: (style) struct or union member 'zip_local_header::_end' is never used
[./archive-zip.c:52]: (style) struct or union member 'zip_dir_header::_end' is never used
[./archive-zip.c:64]: (style) struct or union member 'zip_dir_trailer::_end' is never used
[./archive.c:278]: (style) The scope of the variable i can be limited
[./builtin-apply.c:1445]: (style) The scope of the variable i can be limited
[./builtin-apply.c:1912]: (style) The scope of the variable added can be limited
[./builtin-apply.c:2108]: (style) The scope of the variable len can be limited
[./builtin-apply.c:3246]: (style) The scope of the variable binary can be limited
[./builtin-apply.c:157]: (style) struct or union member 'patch::deflate_origlen' is never used
[./builtin-apply.c:482]: (error) Using 'name' after it is deallocated / released
[./builtin-blame.c:1540]: (style) The scope of the variable time_len can be limited
[./builtin-blame.c:1541]: (style) The scope of the variable tz can be limited
[./builtin-checkout.c:599]: (style) The scope of the variable has_dash_dash can be limited
[./builtin-commit.c:419]: (style) The scope of the variable saved_color_setting can be limited
[./builtin-grep.c:399]: (style) The scope of the variable kept can be limited
[./builtin-mailinfo.c:683]: (style) The scope of the variable i can be limited
[./builtin-merge.c:527]: (style) The scope of the variable ret can be limited
[./builtin-mv.c:99]: (style) The scope of the variable src_is_dir can be limited
[./builtin-pack-objects.c:1023]: (style) The scope of the variable used_0 can be limited
[./builtin-pack-objects.c:1025]: (style) The scope of the variable ofs can be limited
[./builtin-pack-objects.c:1026]: (style) The scope of the variable c can be limited
[./builtin-remote.c:484]: (style) The scope of the variable flag can be limited
[./builtin-remote.c:1002]: (style) The scope of the variable i can be limited
[./builtin-remote.c:1067]: (style) The scope of the variable i can be limited
[./builtin-revert.c:52]: (style) The scope of the variable noop can be limited
[./builtin-show-branch.c:356]: (style) The scope of the variable i can be limited
[./builtin-show-branch.c:834]: (style) The scope of the variable j can be limited
[./combine-diff.c:913]: (style) The scope of the variable offset can be limited
[./compat/mingw.c:273]: (style) Found 'mktemp'. You should use 'mkstemp' instead
[./compat/mkdtemp.c:5]: (style) Found 'mktemp'. You should use 'mkstemp' instead
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
### Error: Invalid number of character {
[./config.c:747]: (style) The scope of the variable section_len can be limited
[./config.c:816]: (style) The scope of the variable i can be limited
[./connect.c:376]: (style) The scope of the variable hostlen can be limited
[./date.c:370]: (style) The scope of the variable now can be limited
[./date.c:268]: (style) Redundant code: Found a statement that begins with numeric constant
[./date.c:483]: (style) Redundant code: Found a statement that begins with numeric constant
[./diff-no-index.c:209]: (style) The scope of the variable j can be limited
[./diffcore-break.c:170]: (style) The scope of the variable score can be limited
[./dir.c:300]: (style) The scope of the variable i can be limited
[./entry.c:97]: (style) The scope of the variable fd can be limited
[./entry.c:97]: (style) The scope of the variable ret can be limited
[./entry.c:100]: (style) The scope of the variable size can be limited
[./entry.c:101]: (style) The scope of the variable wrote can be limited
[./fast-import.c:945]: (style) The scope of the variable i can be limited
[./git.c:138]: (style) The scope of the variable count can be limited
[./git.c:138]: (style) The scope of the variable option_count can be limited
[./grep.c:375]: (style) The scope of the variable match can be limited
[./help.c:132]: (style) The scope of the variable n can be limited
[./http-push.c:1162]: (style) The scope of the variable sha_ctx can be limited
[./http-push.c:128]: (style) struct or union member 'transfer_request::errorstr' is never used
[./http-push.c:1419]: (error) Using 'lock' after it is deallocated / released
[./imap-send.c:419]: (style) The scope of the variable va can be limited
[./imap-send.c:431]: (style) The scope of the variable va can be limited
[./imap-send.c:544]: (style) The scope of the variable n can be limited
[./imap-send.c:987]: (style) The scope of the variable s can be limited
[./imap-send.c:988]: (style) The scope of the variable pid can be limited
[./imap-send.c:1162]: (style) The scope of the variable j can be limited
[./imap-send.c:1163]: (style) The scope of the variable start can be limited
[./imap-send.c:33]: (style) struct or union member 'store_conf::path' is never used
[./imap-send.c:34]: (style) struct or union member 'store_conf::map_inbox' is never used
[./imap-send.c:42]: (style) struct or union member 'string_list::string' is never used
[./imap-send.c:48]: (style) struct or union member 'channel_conf::master' is never used
[./imap-send.c:48]: (style) struct or union member 'channel_conf::slave' is never used
[./imap-send.c:49]: (style) struct or union member 'channel_conf::master_name' is never used
[./imap-send.c:49]: (style) struct or union member 'channel_conf::slave_name' is never used
[./imap-send.c:50]: (style) struct or union member 'channel_conf::sync_state' is never used
[./imap-send.c:51]: (style) struct or union member 'channel_conf::patterns' is never used
[./imap-send.c:52]: (style) struct or union member 'channel_conf::mops' is never used
[./imap-send.c:52]: (style) struct or union member 'channel_conf::sops' is never used
[./imap-send.c:59]: (style) struct or union member 'group_conf::channels' is never used
[./imap-send.c:71]: (style) struct or union member 'message::uid' is never used
[./imap-send.c:72]: (style) struct or union member 'message::status' is never used
[./imap-send.c:80]: (style) struct or union member 'store::path' is never used
[./imap-send.c:83]: (style) struct or union member 'store::opts' is never used
[./imap-send.c:143]: (style) struct or union member 'imap_store_conf::server' is never used
[./index-pack.c:298]: (style) The scope of the variable base_offset can be limited
[./object.c:189]: (style) The scope of the variable eaten can be limited
[./pretty.c:593]: (style) The scope of the variable h1 can be limited
[./pretty.c:593]: (style) The scope of the variable h2 can be limited
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:729]: (all) Array index out of bounds
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:731]: (all) Array index out of bounds
[./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:736]: (all) Array index out of bounds
[./refs.c:69]: (style) The scope of the variable psize can be limited
[./refs.c:69]: (style) The scope of the variable qsize can be limited
[./refs.c:69]: (style) The scope of the variable cmp can be limited
[./sha1_file.c:1926]: (style) The scope of the variable offset can be limited
[./sha1_file.c:1989]: (style) The scope of the variable size can be limited
[./sha1_file.c:2519]: (style) The scope of the variable fd can be limited
[./sha1_name.c:684]: (style) The scope of the variable size can be limited
[./symlinks.c:76]: (style) The scope of the variable previous_slash can be limited
[./symlinks.c:77]: (style) The scope of the variable match_flags can be limited
[./test-sha1.c:16]: (error) Memory leak: buffer
[./unpack-trees.c:577]: (style) The scope of the variable ret can be limited
[./upload-pack.c:106]: (style) The scope of the variable i can be limited
[./xdiff/xprepare.c:140]: (style) The scope of the variable hav can be limited

Re: y.a. static code analysis

[Alex Riesen]

2009/5/23 Serhat Şevki Dinçer <jfcgauss@gmail.com>:
> i think only the ones about date.c (below note) are real defects
> (first chars are not checked).
>
> and also how about http://scan.coverity.com? i see it was mentined
> before (http://article.gmane.org/gmane.comp.version-control.git/111562)
> with apparently no responses or arguments (there has been a suggestion
> of bad license terms in that message, but if the scan is suitable for
> so many FOSS (see all rungs) including the kernel, why would it be not
> good for git?). i think it could be a good free (as in beer) code
> check for git.

There is a reason why the static checking tools are not popular:
too many false positives.

> [./builtin-apply.c:482]: (error) Using 'name' after it is deallocated / released

Just wrong.

> [./compat/mingw.c:273]: (style) Found 'mktemp'. You should use 'mkstemp' instead
> [./compat/mkdtemp.c:5]: (style) Found 'mktemp'. You should use 'mkstemp' instead

Assuming the platform (see "compat"?) has mkstemp(3).

> [./date.c:268]: (style) Redundant code: Found a statement that begins
> with numeric constant
> [./date.c:483]: (style) Redundant code: Found a statement that begins
> with numeric constant

There is no numeric constant in the line, and while you're right (almost)
regarding skipping the first character, the message itself is confusing.

You're not completely right, because looking at the code, the character
you think is skipped is already tested for existence in other places.
Yes, the code could be clearer at this point. Could be just a sign of
refactoring passes, though.

> [./http-push.c:1419]: (error) Using 'lock' after it is deallocated / released

This is the only real bug.

> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:729]:
> (all) Array index out of bounds
> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:731]:
> (all) Array index out of bounds
> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:736]:
> (all) Array index out of bounds

Definitely not. It is just a flexarray, worked around  with array[1]
for some compilers.

> [./test-sha1.c:16]: (error) Memory leak: buffer

The program ends and there is no point deallocating the buffer.

Re: y.a. static code analysis

[Alex Riesen]

Noticed and reported by Serhat Şevki Dinçer.

Signed-off-by: Alex Riesen <raa.lkml@gmail.com>
---

Alex Riesen, Sun, May 24, 2009 15:04:06 +0200:
> 2009/5/23 Serhat Şevki Dinçer <jfcgauss@gmail.com>:
> 
> > [./http-push.c:1419]: (error) Using 'lock' after it is deallocated / released
> 
> This is the only real bug.
> 

Here's a fix.

 http-push.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/http-push.c b/http-push.c
index dac2c6e..45e8a69 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1415,8 +1415,9 @@ static void remove_locks(void)
 
 	fprintf(stderr, "Removing remote locks...\n");
 	while (lock) {
+		struct remote_lock *next = lock->next;
 		unlock_remote(lock);
-		lock = lock->next;
+		lock = next;
 	}
 }
 
-- 
1.6.3.1.93.g316b2

Re: y.a. static code analysis

[Clemens Buchacher]

On Sun, May 24, 2009 at 03:16:49PM +0200, Alex Riesen wrote:
> Noticed and reported by Serhat Şevki Dinçer.
> 
> Signed-off-by: Alex Riesen <raa.lkml@gmail.com>

Thanks. Ack.