[sheepdog-users] static clang analysis of sheepdog

Marcin Mirosław marcin at mejor.pl
Fri Jan 10 11:57:03 CET 2014

W dniu 10.01.2014 05:14, Hitoshi Mitake pisze:
> At Thu, 09 Jan 2014 15:40:50 +0100,
> Marcin Mirosław wrote:
>> Hi!
>> I've prepared static analysis of sheepdog using clang[1] . Probably most
>> of reports can be ignored but I don't know if "use-after-freee" and
>> "potential insecure..." can be false positives or not.
>> Marcin
>> [1] - http://mejor.pl/clang-analysis/sheepdog-1c58e41c1ca5ba/
> This is a very useful report. Thanks a lot, Marcin!
> BTW, if you have time, could you write a patch for producing this
> report? It must be a strong tool for detecting bugs and I want to use
> it periodically.
> # Of course I'll write the patch by myself if you don't have enough time.

I'm glad that this report is usefull.
using clang or static analyser form clang is very easy. All you need is
install clang with support for static analyzer (the way depend on you
distro). Next you need to do:
$ scan-build -maxloop 20 -enable-checker security.insecureAPI.strcpy
./configure <your preffered options)

$ scan-build -maxloop 20 -enable-checker security.insecureAPI.strcpy
make -j3
and voila! In /tmp/scan-build-<xxx> you will have report in html.

Of course it's not problem for me to run such analyze and send report -
just ping me.

More information about the sheepdog-users mailing list