What does Coverity/clang static analysis actually do?

Rainer Schuetze r.sagitario at gmx.de
Fri Oct 2 07:20:11 PDT 2009


Hi,

Walter Bright wrote:
> 
> There's a lot of hoopla about these static checkers, but I'm not 
> impressed by them based on what I can find out about them. What do you 
> know about what these checkers do that is not on this list? Any other 
> kinds of checking that would be great to implement?

The development edition of VS2008 also has a static code analyzer. There
is a list of issued warnings for C/C++ with examples at:

http://msdn.microsoft.com/en-us/library/a5b9aa09.aspx

There are a lot more messages generated for managed code:

http://msdn.microsoft.com/en-us/library/ee1hzekz.aspx

The analyzer does inter-procedural-analysis, so it (sometimes) knows, 
what range of values function arguments can have.

I've run the analysis on the dmd source code, but deactivated some
warnings regarding memory leaks and variable hiding to not get flooded
with messages. After that, code analysis added about 150 warnings to the
1000 already issued by the compiler (mostly "signed/unsigned mismatch"
and "unreferenced local variable").

The code analyzer warnings often deal with
- "Dereferencing NULL pointer" (I've added __assume statements to
assert, so the compiler does not warn null pointers, if there is an
"assert(pointer)" somewhere before the indirection). Most of these
warnings are not so easy to verify, but some are probably correct.

- "Using uninitialized memory": mostly after switch-statements without
variable initialization in default.

- "Invalid data: accessing 'variable', the readable size is 'X' bytes,
but 'Y' bytes might be read": as far as I could see, these are often
false positives, because the analyzer could not deal with variable sized
arrays at the end of structs (you can add annotation to help the
analyzer, though, but I have not tried). Even with constant size arrays, 
some of the warnings are plain wrong.

- stdlib/windows-api calls (e.g. printf arguments, ignored return codes)

I guess, that you'll have to annotate the code a lot if you want to have 
the compiler always do the analyzing and get reasonable results. I've 
also seen C# code with a lot of attributes just to suppress warnings 
from the analyzer.

Rainer



More information about the Digitalmars-d mailing list