Date: Mon, 17 Sep 2012 02:29:55 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using Coverity

On Sun, Sep 16, 2012 at 12:35:04AM +0530, Dhiru Kholia wrote:
> I have started trying "Clang Static Analyzer" against magnum-jumbo.
[...]
> The output looks great. I am in process of fixing the bugs it has found.
> 
> Some screenshots,
> 
> 1. http://dl.dropbox.com/u/1522424/ca/ca-wbb3.png
> 2. http://dl.dropbox.com/u/1522424/ca/clang-analyzer.png
> 3. http://dl.dropbox.com/u/1522424/ca/wa-sapG.png

FWIW, when patching these "dead assignment" (non-)issues, please keep in
mind that we have plenty of #ifdef's, and an assignment that is dead in a
given build might well be crucial to have in another build.

I am not saying that we should not try to eliminate those - perhaps we
should, for clarity and speed - but I am saying that it's not as trivial
as blindly doing it based on a tool's report for a given build.  Well,
you can try to approach this in that trivial way, but the result might
be real bugs getting introduced for other builds.  Perhaps way fewer of
them, but real ones.

Thanks,

Alexander
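An added C illustration of the hazard described above; this is not code from John the Ripper, and the macro JUMBO_CHECK_LEN, MAX_LEN and all three functions are hypothetical. The same store is dead in one build and load-bearing in another, and the cleanup that is safe for every build moves the computation under the #ifdef instead of deleting it.

```c
/* Added illustration for the thread above; not code from John the Ripper.
 * The macro JUMBO_CHECK_LEN, MAX_LEN and all functions are hypothetical.
 * Build once without and once with -DJUMBO_CHECK_LEN to see both cases. */
#include <stddef.h>
#include <string.h>

#define MAX_LEN 16

/* Tells callers which configuration this build is. */
int length_check_enabled(void)
{
#ifdef JUMBO_CHECK_LEN
    return 1;
#else
    return 0;
#endif
}

/* "Before": built WITHOUT JUMBO_CHECK_LEN, an analyzer flags the store to
 * `len` as dead, since nothing in that build reads it.  Built WITH it, the
 * same store feeds the truncation check, so deleting it "per the report"
 * breaks that build (here it would not even compile). */
int copy_before(char *dst, const char *src)
{
    size_t len = strlen(src);          /* dead only in one configuration */
    strncpy(dst, src, MAX_LEN);
    dst[MAX_LEN - 1] = '\0';           /* always NUL-terminate */
#ifdef JUMBO_CHECK_LEN
    if (len >= MAX_LEN)
        return -1;                     /* input was truncated */
#endif
    return 0;
}

/* "After": the cleanup that is safe for every build.  The computation moves
 * under the same #ifdef as its only reader, so no build has a dead store
 * and the checked build keeps its behaviour. */
int copy_after(char *dst, const char *src)
{
    strncpy(dst, src, MAX_LEN);
    dst[MAX_LEN - 1] = '\0';
#ifdef JUMBO_CHECK_LEN
    if (strlen(src) >= MAX_LEN)
        return -1;
#endif
    return 0;
}
```

Both functions behave identically in either configuration; the difference is only that an analyzer run on the non-checking build has nothing to flag in copy_after.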
