Static analysis


Finnur Thorarinsson

Apr 11, 2016, 12:36:10 PM
to Chromium-dev
What is the state of static analysis in the Chrome project today? 

Back in the days, I could go to a website and look up reports from nightly runs that were performed automatically. But that's now been deprecated. 

Is there an alternative that doesn't require manual setup?

I noticed there's a webpage about Clang Static Analysis on Chrome (running it manually). Is it still valid? It seems a bit out of date (refers to scan-build for an executable that is in scan-build/bin/) and when I run it I get "scan-build: No bugs found.", which seems very suspicious, given that these static analysis runs have historically been a bit noisy.

Thoughts? I'm mainly interested in something that works well with Linux/Windows.

Gabriel Charette

Apr 12, 2016, 9:04:02 AM
to fin...@chromium.org, Chromium-dev, bruce...@chromium.org, chr...@chromium.org
+Bruce Dawson +Chris Hamilton have tried things on Windows in the past (e.g. static bug analysis, code coverage, etc.) but they were dropped for lack of interest from the team IIRC.

--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev

Nico Weber

Apr 12, 2016, 9:23:24 AM
to Finnur Thorarinsson, Chromium-dev, Emma Soederberg, Etienne Bergeron
What problem are you trying to solve?

We used to have Coverity, but it had many false positives. Bruce has a cl.exe /analyze bot somewhere, and while it finds bugs every now and then, it has lots of false positives. The clang static analysis thing worked at some point and can probably be made to work again, but it has many false positives.

Some people are trying to integrate clang-tidy with either a code review tool (rietveld or gerrit) or code search, but that's not working yet.

If you have a specific buggy pattern in mind that you think static analysis could find without false positives, we should add it either to the compiler or to our clang plugin.

Nico


Finnur Thorarinsson

Apr 12, 2016, 9:39:07 AM
to Nico Weber, Chromium-dev, Emma Soederberg, Etienne Bergeron
I don't have a specific problem that I'm trying to solve, but back in the days (before my recent Java and JavaScript work) I used to take a pass at the Coverity reports every few weeks/months or so, usually during down-time like waiting for a compile to finish, and I could always find some low-hanging fruit that was easy to address. That's why I was mainly interested in automatically generated results, like Coverity produced nightly (fits well with waiting for a compile to finish).

Bruce Dawson

Apr 12, 2016, 1:18:54 PM
to Gabriel Charette, fin...@chromium.org, Chromium-dev, chr...@chromium.org
I'm still using VC++'s /analyze to check for defects in Chrome code. It found a bug and an unused (shadowed) static local this week. Unfortunately its signal-to-noise ratio is poor, so I don't suggest that others look at the results. It would be great to get some of the /analyze warnings incorporated into clang's regular builds or clang static analysis.

The batch files that retrieve the latest warnings (there are a lot) and can summarize which warnings are new since you last checked were added to the repo in https://codereview.chromium.org/1061663002, but I'm still not recommending that you use them - interpreting /analyze warnings efficiently takes some practice, unfortunately. Tracking bug is crbug.com/427616.
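The approach Bruce describes (pull the full, noisy warning list and report only what is new since the last check) is the standard way to make a high-false-positive analyzer reviewable. The script below is an added illustration of that idea, not the batch files from the Chromium repository: it parses diagnostics in the `file:line:col: warning: message [check]` shape that clang and clang-tidy print, fingerprints each warning by file, check and message rather than by line number so that warnings which merely shifted because code above them changed are not reported as new, and counts duplicates so a second instance of a known warning still surfaces. The baseline and current outputs are constructed sample text, and the paths in them are placeholders.

```python
"""Baseline diff for noisy static-analysis output (added example)."""
import re
from collections import Counter
from typing import Iterable

# clang / clang-tidy diagnostic line: path:line:col: severity: message [check]
# (POSIX-style paths; a Windows drive letter would need a wider file group).
DIAG_RE = re.compile(
    r"^(?P<file>[^:\n]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<severity>warning|error): (?P<msg>.*?)(?: \[(?P<check>[^\]]+)\])?$"
)


def parse_diagnostics(lines: Iterable[str]) -> list[dict]:
    """One dict per recognised diagnostic; notes, source excerpts and
    caret markers that follow a diagnostic are skipped."""
    out = []
    for raw in lines:
        m = DIAG_RE.match(raw.rstrip("\n"))
        if m:
            d = m.groupdict()
            d["line"] = int(d["line"])
            d["col"] = int(d["col"])
            out.append(d)
    return out


def fingerprint(d: dict) -> tuple:
    """Identity of a warning that survives line-number drift."""
    return (d["file"], d["check"] or "", d["msg"])


def new_since_baseline(baseline: Iterable[str], current: Iterable[str]) -> list[dict]:
    """Diagnostics in `current` not accounted for by `baseline`.
    Fingerprints are consumed one at a time, so an extra instance of an
    already-known warning is still reported."""
    seen = Counter(fingerprint(d) for d in parse_diagnostics(baseline))
    fresh = []
    for d in parse_diagnostics(current):
        fp = fingerprint(d)
        if seen[fp] > 0:
            seen[fp] -= 1
        else:
            fresh.append(d)
    return fresh


# Constructed sample output: the two baseline warnings moved by two lines,
# one genuinely new warning appeared, and a second nullptr hit was added.
BASELINE = """\
base/foo.cc:10:5: warning: variable 'x' is shadowed [-Wshadow]
base/foo.cc:42:3: warning: use nullptr [modernize-use-nullptr]
"""
CURRENT = """\
base/foo.cc:12:5: warning: variable 'x' is shadowed [-Wshadow]
base/foo.cc:44:3: warning: use nullptr [modernize-use-nullptr]
base/bar.cc:7:9: warning: unused variable 'tmp' [-Wunused-variable]
base/foo.cc:50:3: warning: use nullptr [modernize-use-nullptr]
    Foo* p = 0;
             ^
"""


def summarize(baseline: str = BASELINE, current: str = CURRENT) -> list[str]:
    """Human-readable lines for the warnings that are new."""
    fresh = new_since_baseline(baseline.splitlines(), current.splitlines())
    return [f"{d['file']}:{d['line']}: {d['msg']} [{d['check'] or ''}]" for d in fresh]


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

Keying on message text rather than line number is what keeps the daily delta small on a fast-moving tree; the trade-off is that a warning whose wording includes a renamed identifier will show up as new once.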

Chris Hamilton

Apr 12, 2016, 1:47:05 PM
to Bruce Dawson, Gabriel Charette, etie...@google.com, fin...@chromium.org, Chromium-dev
+Etienne Bergeron 

He's been playing with writing custom static analysis tools (based on LLVM) the last couple months, and finding many bugs AFAIK. I think the plan is to maybe hoist these to a trybot somewhere?

Chris Hamilton

Apr 12, 2016, 1:47:51 PM
to Bruce Dawson, Gabriel Charette, etie...@google.com, etie...@chromium.org, fin...@chromium.org, Chromium-dev
+Etienne Bergeron (with his Chromium address this time)

Etienne Bergeron

Apr 13, 2016, 5:12:29 PM
to Chromium-dev
I recently landed a few fixes to clang-tidy upstream to make it work on Linux over the Chromium code base, and I fixed a few bugs in Chromium (cr/589955).
Some patches are still pending to make clang-tidy work on Windows, and it is still a work in progress.
The main problem is the compilation database.

We are currently looking to see if we can integrate clang-tidy in different ways (command-line, build-bots, ...).
emso@ is joining the Chromium team to help integrate more checkers over the Chromium code base.
This is a very promising project.

I wrote a few custom linter rules to find specific bugs (inefficient constructs) over Chromium, and it is working pretty well.

Now the question is more, what do you want to match?
The clang-tidy AST matcher is pretty nice, and it is doing a great job. The static analyzer, which allows complex matchers over a CFG (flow graph) and is available in clang and in clang-tidy, is too noisy on C++ because it's not maintained.
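Etienne names the compilation database as the main obstacle to running clang-tidy over the tree: clang-tidy finds each translation unit's flags in a `compile_commands.json`, a list of objects with `directory`, `file` and either `command` (one shell string) or `arguments` (an argv list), as documented by LLVM. The script below is an added example, not Chromium's build tooling, that generates entries in that format and sanity-checks a database before handing it to clang-tidy, catching the usual causes of "no flags found for file" (missing fields, or an argv that does not actually name the file). The build directory, sources and flags are constructed placeholders.

```python
"""Build and validate a JSON compilation database for clang-tidy (added example)."""
import json
import os
import shlex


def make_entry(build_dir: str, source: str, flags: list[str],
               compiler: str = "clang++") -> dict:
    """One compilation-database entry. `arguments` is used rather than
    `command` so paths with spaces need no shell quoting; `output` is the
    optional field from the LLVM format."""
    obj = os.path.splitext(source)[0] + ".o"
    return {
        "directory": build_dir,
        "file": source,
        "output": obj,
        "arguments": [compiler, *flags, "-c", source, "-o", obj],
    }


def argv_of(entry: dict) -> list[str]:
    """Normalise either entry form back to an argv list."""
    if "arguments" in entry:
        return list(entry["arguments"])
    return shlex.split(entry["command"])


def validate(entries: list[dict]) -> list[str]:
    """Return human-readable problems; an empty list means clang-tidy can
    resolve flags for every listed file."""
    problems = []
    for i, e in enumerate(entries):
        for key in ("directory", "file"):
            if key not in e:
                problems.append(f"entry {i}: missing '{key}'")
        if "command" not in e and "arguments" not in e:
            problems.append(f"entry {i}: neither 'command' nor 'arguments'")
            continue
        if "file" in e and e["file"] not in argv_of(e):
            problems.append(f"entry {i}: argv does not mention {e['file']}")
    return problems


def to_json(entries: list[dict]) -> str:
    return json.dumps(entries, indent=2)


def load_db(text: str) -> list[dict]:
    return json.loads(text)


def select(entries: list[dict], prefix: str) -> list[dict]:
    """Restrict the database to one subtree; running clang-tidy per
    directory keeps the output reviewable on a large tree."""
    return [e for e in entries if e["file"].startswith(prefix)]


if __name__ == "__main__":
    # Constructed placeholder inputs.
    db = [
        make_entry("/out/Default", "base/foo.cc", ["-std=c++14", "-Ibase"]),
        make_entry("/out/Default", "net/bar.cc", ["-std=c++14", "-Inet"]),
    ]
    print("problems:", validate(db) or "none")
    print(to_json(select(db, "base/")))
```

Validating before the run matters because clang-tidy silently skips a file whose entry it cannot match, so a partially broken database looks like a clean result rather than an error.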