Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Sep 2012 00:35:04 +0530
From: Dhiru Kholia <>
Subject: Re: Static analysis of John using Coverity

On Sat, Sep 15, 2012 at 11:17 PM, Robert B. Harris <> wrote:
> Is anyone on list interested and have the time for this?

Count me in. I am waiting to find out how well Coverity works.

> There are other analyzers as well... Coverity is supposed to have a low
> false positive rate, so I think that might be a good program to start with

I have started trying "Clang Static Analyzer" against magnum-jumbo. To
use it do the following steps,

0. Install "Clang Static Analyzer"

1. Apply attached patch to Makefile. Do "make clean"

2. Run "scan-build make linux-x86-64-clang-debug"

3. Finally run, "scan-view /tmp/XXXX" to view the bugs.

The output looks great. I am in process of fixing the bugs it has found.

Some screenshots,



Download attachment "clang-analyzer.diff" of type "application/octet-stream" (1037 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.