Open main menu

Difference between revisions of "HOWTO-Static Analysis Tools"

Added PVS-Studio
m (→‎Codacy: Fix typo)
(Added PVS-Studio)
Line 16: Line 16:
# Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things
# Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things
# Regarding the TAINTED SCALAR issues, we have tons of those that we used to dismiss. Yes, it may lead to an issue when manually crafted game data might lead to a crash or some memory overflow exploits, but once we have the data integrity subsystem implemented, those will be eliminated.
# Regarding the TAINTED SCALAR issues, we have tons of those that we used to dismiss. Yes, it may lead to an issue when manually crafted game data might lead to a crash or some memory overflow exploits, but once we have the data integrity subsystem implemented, those will be eliminated.
== PVS-Studio ==
We use Open Source license from [https://pvs-studio.com/en/pvs-studio/?utm_source=github&utm_medium=organic&utm_campaign=open_source PVS-Studio) - static analyzer for C, C++, C#, and Java code. They were generous in providing us with free access.
<font color=red>IMPORTANT:</font> Per our license requirement, you must mention PVS-Studio in your commit log messages. Please, use the following format:
  SUBSYSTEM: Description. PVS-Studio VXXXX
Where VXXXX is the diagnostics number of PVS-Studio.
The tool is run daily on the buildbot machine, every night at around 2am. The reports are available at [https://analysis.scummvm.org/ https://analysis.scummvm.org/].
To get access, please talk to [[User:Sev|sev]] or [[User:Rootfather|rootfather]], then we add you to .htpasswd
There you may find a set of different log formats. The useful ones are:
* scummvm.html Single downloadable HTML file
* scummvm.fullhtml Multiple files HTML min-website, you may browse it online
* scummvm.vscode.sarif You may load this into Sarif plugin for VSCode. [https://pvs-studio.com/en/docs/manual/6590/ Here is how].
* scummvm.xml These are consumed by PVS-Studio internal tools