Mailing List Archive

Static Analysis - was Re: [Bug 2648] Use of $authres
On Wed, 28 Oct 2020, admin--- via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=2648
>
> --- Comment #6 from Jeremy Harris <jgh146exb@wizmail.org> ---
> This is the sort of thing that static analysis ought to find; we probably have
> an uninitialized variable. Unfortunately my ability to build for Coverity has
> died. The only other decent way requires getting a coredump. Any hope of
> that?

I don't know who instigated it, or how recently it ran, but
https://lgtm.com/projects/g/Exim/exim/
is an online static analysis of exim.

I am willing to go through the alerts in a general way if it
will be useful, though I'm not sure how to give useful feedback.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

Re: Static Analysis - was Re: [Bug 2648] Use of $authres
On 28/10/2020 09:58, Andrew C Aitchison via Exim-dev wrote:
> I don't know who instigated it, or how recently it ran, but
>     https://lgtm.com/projects/g/Exim/exim/
> is an online static analysis of exim.
>
> I am willing to go through the alerts in a general way if it
> will be useful, though I'm not sure how to give useful feedback.

Looks like it runs continuously; it references the current tree head.

I don't like static analysers in general - they tend to not understand
enough context, they tend to display the biases of the analyzer writer
rather than the actual source code language definition, and they throw
up so much cruft as a result that wading through it is a major timesink.

For instance, with Coverity I had to dismiss just about every whine re.
memory leaks. Exim's process-handling releases memory by terminating
processes. The tool just didn't grok the possibility; fortunately it
let me tag each whine position as accepted.

This one looks pretty limited, from the alerts it is displaying.
--
Cheers,
Jeremy