[cfe-dev] Clang Analysis of several open source projects.

Ben Laurie benl at google.com
Thu May 12 09:50:34 PDT 2011


On 12 May 2011 12:47, Ben Laurie <benl at google.com> wrote:

>
>
> On 12 May 2011 12:24, John Smith <lbalbalba at gmail.com> wrote:
>
>> Hi.
>>
>>
>> In case anyone is interested, I ran the clang analyzer on several open
>> source projects. (gcc, gdb, glib, ntp, openldap, openssl, postfix).
>>
>> However, there are many issues found on most of those projects, which
>> are reasonably well known and widely used pieces of software. Which
>> makes me wonder if there aren't just a lot of false positives here?
>>
>>
>> The resulting reports can be found here :
>>
>> http://lbalbalba.freezoka.net/ccc-analyzer/
>
>
> Experience with static analysis says that almost all the issues will be
> false positives (at least in openssl).
>

e.g.
http://lbalbalba.freezoka.net/ccc-analyzer/scan-build-openssl-1.0.0d/report-x3HkoT.html#EndPath
is bad analysis (the branch stuff needs to understand bitmaps to fix it -
hmm, that could be a fun project).


>
>
>>
>>
>>
>>
>> Regards,
>>
>>
>>
>> John Smith