Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Sep 2012 00:35:04 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using Coverity

On Sat, Sep 15, 2012 at 11:17 PM, Robert B. Harris <rs904c@...scape.net> wrote:
> Is anyone on list interested and have the time for this?

Count me in. I am waiting to find out how well Coverity works.

> There are other analyzers as well... Coverity is supposed to have a low
> false positive rate, so I think that might be a good program to start with

I have started trying "Clang Static Analyzer" against magnum-jumbo. To
use it do the following steps,

0. Install "Clang Static Analyzer"

1. Apply attached patch to Makefile. Do "make clean"

2. Run "scan-build make linux-x86-64-clang-debug"

3. Finally run, "scan-view /tmp/XXXX" to view the bugs.

The output looks great. I am in process of fixing the bugs it has found.

Some screenshots,

1. http://dl.dropbox.com/u/1522424/ca/ca-wbb3.png
2. http://dl.dropbox.com/u/1522424/ca/clang-analyzer.png
3. http://dl.dropbox.com/u/1522424/ca/wa-sapG.png

-- 
Cheers,
Dhiru

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ