-- Leo's gemini proxy
-- Connecting to gmi.noulin.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
date: 2021-05-24 09:42:24
categories: C
firstPublishDate: 2021-05-24 09:42:24
I'm developing
(a C library) and I have been running 4 static analyzer:
cppcheck
clang static analyzer (11)
gcc static analyzer (10.2)
coverity
I also created
, the non covered code is in 3 categories:
the cleanup functions (gcc extension). They free objects when they are out of scope, it simplifies memory management
the code executed when there is a out a memory error (OOM)
the NULL checks that can't happen in correct programs
With the unit tests, I found most issues in libsheepy and I think there are only a few unknown bugs left.
Coverity is the static analyzer that found the most problems (
and
), most of them in the OOM code that is non tested in the unit tests, there are also issues that were found with the unit tests by coverity which are not listed here.
missing free in the OOM code
missing va_end in the OOM code
more correct printf format type (was not an issue)
simplify logic (was not an issue)
I fixed
so here is list of issue types not detected by the static analyzers:
possible infinite loop
memory leak when buffers are allocted and freed in different sub-functions
The majority of the issues found in the unit tests are arbitrary logic errors that static analyzers can't find.
Unit tests and static analyzers complement each other. With static analyzers, one can make sure the unit tests are correct and not missing issues.
hashtags: #cprogramming
-- Response ended
-- Page fetched on Wed May 22 03:20:38 2024