Hi, I tried llvm (clang's scan-build) after reading your post. It is very easy to run scan-build, and it seems good to find unused statements. However for finding errors, false positives disappointed me.
I analyzed 4 'API' errors, but only one seems to be real error: at color_filter.c:173, variable "filter" might be NULL in 'strstr'. I randomly choose 28 'logic error' results, such as 'null dereference', 'use of uninitialized value'. But all of them are false positives. Some common false positive reasons are: 1. assertions are not respected, scan-build usually assume ptr is NULL in "DISSECTOR_ASSERT(ptr)". 2. goto statement is not handled correctly. For example, at dumpcap.c:988, variable "magic" is considered uninitialized if read() returns negative integer. But in this case, switch(magic) will not be executed. 3. TRY is not handled correctly. For example, at packet-dcerpc.c:4204, "pdu_len" is considered uninitialized. On Thu, Jun 11, 2009 at 12:52 AM, didier <[email protected]> wrote: > Hi, > Has anyone played with mozilla dehydra (or llvm)? > https://developer.mozilla.org/en/Dehydra > > It may be useful for finding errors like > .... > if (tree) { > foo = tvb_get_xx.. > offset += 2; > ... > } > return offset; > > or > if (!tree) > return > expert_add_info(...) > > in dissectors > > Didier > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected]?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
