Date: Sun, 16 Sep 2012 00:35:04 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Static analysis of John using Coverity

On Sat, Sep 15, 2012 at 11:17 PM, Robert B. Harris <rs904c@...scape.net> wrote:
> Is anyone on list interested and have the time for this?

Count me in. I am waiting to find out how well Coverity works.

> There are other analyzers as well... Coverity is supposed to have a low
> false positive rate, so I think that might be a good program to start with

I have started trying "Clang Static Analyzer" against magnum-jumbo.

To use it, do the following steps:

0. Install "Clang Static Analyzer"
1. Apply attached patch to Makefile. Do "make clean"
2. Run "scan-build make linux-x86-64-clang-debug"
3. Finally run, "scan-view /tmp/XXXX" to view the bugs.

The output looks great. I am in the process of fixing the bugs it has found.

Some screenshots:

1. http://dl.dropbox.com/u/1522424/ca/ca-wbb3.png
2. http://dl.dropbox.com/u/1522424/ca/clang-analyzer.png
3. http://dl.dropbox.com/u/1522424/ca/wa-sapG.png

--
Cheers,
Dhiru

Download attachment "clang-analyzer.diff" of type "application/octet-stream" (1037 bytes)