Report from llvms static analysis tool
sbergman at redhat.com
Mon Oct 5 01:29:14 PDT 2015
On 10/04/2015 10:34 PM, Daniel wrote:
> I just built the LO core with scan-build, a static analysis tool. I
> posted the results to my github page. The report can be viewed at
> http://danlrobertson.github.io/scan.html. With coverity scan etc I'm not
> sure if this will provide any new info, but if you're interested, please
> feel free to check it out. If you have any comments, suggestions, or
> tips, please feel free to shoot me an email and let me know if this is
> helpful or not. I don't mind continuing to post the results from my
> builds if it helps.
> There will be a lot of false positives, but "given enough eyeballs all
> bugs are shallow".
Thanks for setting this up.
I happened to look at the same set of DeadStore issues the other day via
clang-tidy (which is another driver that can use the same static
analyzers as scan-build, among others), but many of the more mundane
fixes are still only on my hard drive (I pushed a few of them earlier
today; should continue to push more).
(Whenever I tried to seriously look at scan-build in the past, it
appeared to me to produce too many false positives to invest more time
into it, but your rather short list of 1385 issues looks more promising
now. Probably, our code base has benefited from Coverity etc. clean-up
meanwhile, and scan-build itself has likely become smarter, too.)
More information about the LibreOffice