git.vger.kernel.org archive mirror
From: Alex Riesen <raa.lkml@gmail.com>
To: "Serhat Şevki Dinçer" <jfcgauss@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: y.a. static code analysis
Date: Sun, 24 May 2009 15:04:06 +0200
Message-ID: <81b0412b0905240604q3c8c798bi6ad64d8916b4cd9e@mail.gmail.com>
In-Reply-To: <927245250905231200ifbda2f6t1c54628e314d63e6@mail.gmail.com>

2009/5/23 Serhat Şevki Dinçer <jfcgauss@gmail.com>:
> i think only the ones about date.c (below note) are real defects
> (first chars are not checked).
>
> and also how about http://scan.coverity.com? i see it was mentioned
> before (http://article.gmane.org/gmane.comp.version-control.git/111562)
> with apparently no responses or arguments (there has been a suggestion
> of bad license terms in that message, but if the scan is suitable for
> so many FOSS (see all rungs) including the kernel, why would it be not
> good for git?). i think it could be a good free (as in beer) code
> check for git.

There is a reason why the static checking tools are not popular:
too many false positives.

> [./builtin-apply.c:482]: (error) Using 'name' after it is deallocated / released

Just wrong.

> [./compat/mingw.c:273]: (style) Found 'mktemp'. You should use 'mkstemp' instead
> [./compat/mkdtemp.c:5]: (style) Found 'mktemp'. You should use 'mkstemp' instead

Assuming the platform (see "compat"?) has mkstemp(3).

> [./date.c:268]: (style) Redundant code: Found a statement that begins
> with numeric constant
> [./date.c:483]: (style) Redundant code: Found a statement that begins
> with numeric constant

There is no numeric constant in the line, and while you're right (almost)
regarding skipping the first character, the message itself is confusing.

You're not completely right, because looking at the code, the character
you think is skipped is already tested for existence in other places.
Yes, the code could be clearer at this point. Could be just a sign of
refactoring passes, though.

> [./http-push.c:1419]: (error) Using 'lock' after it is deallocated / released

This is the only real bug.

> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:729]:
> (all) Array index out of bounds
> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:731]:
> (all) Array index out of bounds
> [./read-cache.c:938] -> [./read-cache.c:759] -> [./read-cache.c:736]:
> (all) Array index out of bounds

Definitely not. It is just a flexarray, worked around with array[1]
for some compilers.

> [./test-sha1.c:16]: (error) Memory leak: buffer

The program ends and there is no point deallocating the buffer.
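
The flexarray workaround named in the read-cache.c reply above, as an added example that is not part of the original message and is not git's code; the struct, the function names and the sample string are hypothetical. It shows why an index past the declared `name[1]` bound can still lie inside the allocated block, which is the check a bounds analysis has to make before reporting it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical struct, not git's: the declared bound of 1 stands in for
 * a C99 flexible array member ("char name[];") on older compilers. */
struct entry_compat {
    unsigned int namelen;
    char name[1];   /* real length is decided at allocation time */
};

/* Bytes to allocate for a name of `len` chars plus NUL; 0 on overflow.
 * sizeof already covers name[0], so adding len leaves room for the NUL. */
size_t compat_alloc_size(size_t len)
{
    if (len > UINT_MAX || len > SIZE_MAX - sizeof(struct entry_compat))
        return 0;
    return sizeof(struct entry_compat) + len;
}

/* The question a checker must answer before reporting name[i]: is byte i
 * of name inside the allocated block, not inside the declared bound? */
int name_index_ok(size_t alloc, size_t i)
{
    size_t off = offsetof(struct entry_compat, name);
    return alloc > off && i < alloc - off;
}

struct entry_compat *compat_new(const char *name)
{
    size_t len = strlen(name);
    size_t sz = compat_alloc_size(len);
    struct entry_compat *e = sz ? malloc(sz) : NULL;

    if (!e)
        return NULL;
    e->namelen = (unsigned int)len;
    memcpy(e->name, name, len + 1);   /* writes past the declared name[1] */
    return e;
}
```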


Thread overview: 4+ messages
2009-05-23 19:00 y.a. static code analysis Serhat Şevki Dinçer
2009-05-24 13:04 ` Alex Riesen [this message]
2009-05-24 13:16   ` Alex Riesen
2009-05-24 13:25     ` Clemens Buchacher
