Current state of Static Analysis and Clang related issues

33 views
Skip to first unread message

sim...@ncsu.edu

unread,
Oct 29, 2018, 6:19:34 PM10/29/18
to Chromium-dev
I see from the webpage that one can use Clang static analyzer locally while building chromium code.

Is there any metabug sort of thing that lists all the (or atleast some) Clang static analyzer found isseus? The bugs listed (crbug.com/686838crbug.com/686829) in this discussion are not maintained anymore.

Also, do I need to manually run the static analyzer locally? or I can go up to some website to see  the reports of a recent run by the analyzer?

I'm looking at how projects like chromium use static analyzers and what's the rate and impact of False Positives reported by these analyzers. 

Any useful link (i.e. list of bugs found by clang, clang build results) would be very much helpful for me.

Nico Weber

unread,
Oct 30, 2018, 2:34:03 PM10/30/18
to sim...@ncsu.edu, chromi...@chromium.org
Someone set up an FYI bot that ran the analyzer a few years ago, but nobody really ever looked at the output. False positive rate back then was very high. I hear the analyzer does better on C++ nowadays; I'm not sure anyone has used it recently. You'd have to run it locally and manually for now. Let us know how it goes!

--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/b1de4902-df1c-4a68-b876-608afaa14130%40chromium.org.

Adam Rice

unread,
Oct 31, 2018, 4:27:48 AM10/31/18
to tha...@chromium.org, sim...@ncsu.edu, chromi...@chromium.org
Need to remove '-analyzer-eagerly-assume' flag from clang_static_analyzer_wrapper.py to make it work. Output seems to be mostly false positives. I did find one potential issue: https://bugs.chromium.org/p/chromium/issues/detail?id=900505.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAMGbLiEfMQ9z_wR9oEjeWfqzgDRwdvgAPmZ6BPDscJe0uZZcvA%40mail.gmail.com.

sim...@ncsu.edu

unread,
Nov 5, 2018, 2:31:33 PM11/5/18
to Chromium-dev, sim...@ncsu.edu
In that case, is there any other static analyzer in use for Chromium currently?

Nasif Imtiaz

unread,
Nov 5, 2018, 3:17:33 PM11/5/18
to chromi...@chromium.org
Also, does anyone have any useful link to that FYI bot that ran Clang (or any other static analyzer)?
It'd also be useful if anycone can refer me some material that explains how to integrate such a bot to chromium build phase and where do they fit in the overall chromium development workflow!
--
Good Day,

Nasif
Reply all
Reply to author
Forward
0 new messages