Coverity Scan Static Code Analysis

kklouzal
Posts: 343
Joined: Sun Mar 28, 2010 8:14 pm
Location: USA - Arizona

Coverity Scan Static Code Analysis

Post by kklouzal »

Have you guys considered running Irrlicht through Coverity Scan?
https://scan.coverity.com/
Static analysis is a set of processes for finding source code defects and vulnerabilities.

In static analysis, the code under examination is not executed. As a result, test cases and specially designed input datasets are not required. Examination for defects and vulnerabilities is not limited to the lines of code that are run during some number of executions of the code, but can include all lines of code in the codebase.

Additionally, Synopsys's implementation of static analysis can follow all the possible paths of execution through source code (including interprocedurally) and find defects and vulnerabilities caused by the conjunction of statements that are not errors independent of each other.
Some examples of defects and vulnerabilities found by Coverity Quality Advisor include:

resource leaks
dereferences of NULL pointers
incorrect usage of APIs
use of uninitialized data
memory corruptions
buffer overruns
control flow issues
error handling issues
incorrect expressions
concurrency issues
insecure data handling
unsafe use of signed values
use of resources that have been freed
The consequences of each type of defect or vulnerability are dependent on the specific instance. For example, unsafe use of signed values may cause crashes, lead to unexpected behavior, or lead to an exploitable security vulnerability.
Test every line of code and potential execution path.
The root cause of each defect is clearly explained, making it easy to fix bugs
Easily set up automatic scans if we had an official GitHub repo *COUGH COUGH* ;)

Just a thought if one of the devs gets bored!
Dream Big Or Go Home.
Help Me Help You.
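An added example, not from the post above and not Irrlicht's own code, illustrating the kind of defect the quoted description means by "the conjunction of statements that are not errors independent of each other": a lookup that legitimately returns a null pointer on a miss, and a caller in another function that dereferences the result without checking. Each function is fine in isolation; only interprocedural, path-sensitive analysis (or a crash report) connects the nullptr return path to the dereference. MeshCache, Mesh, find(), the vertexCount* functions and the "sydney.md2" name are all constructed for this example, loosely modeled on the shape of a getMesh()-style API, and are not the engine's real types or calls.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

// Constructed stand-in for a mesh record (not Irrlicht's IMesh).
struct Mesh {
    std::size_t vertexCount;
};

// Constructed stand-in for a resource cache whose lookup returns nullptr on a
// miss. Returning nullptr here is a perfectly reasonable contract on its own.
class MeshCache {
public:
    void add(const std::string& name, std::size_t vertices) {
        meshes_[name] = Mesh{vertices};
    }

    // Returns nullptr when the mesh was never loaded: not a bug by itself.
    const Mesh* find(const std::string& name) const {
        auto it = meshes_.find(name);
        return it == meshes_.end() ? nullptr : &it->second;
    }

private:
    std::map<std::string, Mesh> meshes_;
};

// Defective caller: the dereference is unconditional. Neither this line nor
// find()'s nullptr return is wrong alone; the defect is the cross-function
// path find() -> nullptr -> m->vertexCount, which is exactly what a path-
// following static analyzer reports as a NULL pointer dereference. A test
// suite that only ever asks for meshes that exist will never execute it.
std::size_t vertexCountUnchecked(const MeshCache& cache, const std::string& name) {
    const Mesh* m = cache.find(name);
    return m->vertexCount;  // crashes (undefined behaviour) when name is absent
}

// Hardened caller: the nullptr path is handled explicitly and the miss is
// reported as a value the caller can act on (-1) instead of being ignored.
long vertexCountChecked(const MeshCache& cache, const std::string& name) {
    const Mesh* m = cache.find(name);
    if (m == nullptr) {
        return -1;  // mesh not loaded; caller decides how to recover
    }
    return static_cast<long>(m->vertexCount);
}

// Constructed sample cache with one loaded mesh, so the example runs offline.
MeshCache sampleCache() {
    MeshCache cache;
    cache.add("sydney.md2", 500);
    return cache;
}

int main() {
    const MeshCache cache = sampleCache();

    // Both callers agree on the happy path...
    std::cout << "unchecked, loaded mesh: "
              << vertexCountUnchecked(cache, "sydney.md2") << '\n';
    std::cout << "checked,   loaded mesh: "
              << vertexCountChecked(cache, "sydney.md2") << '\n';

    // ...but only the checked caller survives the miss. The unchecked one is
    // deliberately not called with a missing name: that is the crash path.
    std::cout << "checked,   missing mesh: "
              << vertexCountChecked(cache, "missing.md2") << '\n';
    return 0;
}
```

The point for a project like Irrlicht is that find()-style accessors returning nullptr are everywhere, and the unchecked-dereference variant only fails on input the test assets never trigger, which is precisely the class of bug static analysis catches without needing that input.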
CuteAlien
Admin
Posts: 9628
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany

Re: Coverity Scan Static Code Analysis

Post by CuteAlien »

I'm using other static scans once in a while.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm