65
edits
Difference between revisions of "HOWTO-Static Analysis Tools"
Jump to navigation
Jump to search
m
HOWTO-Static Analysis Tools (view source)
Revision as of 10:31, 11 March 2023
, 10:31, 11 March 2023Fix markup for pvs studio link
(Page created) |
m (Fix markup for pvs studio link) |
||
| (5 intermediate revisions by 2 users not shown) | |||
| Line 4: | Line 4: | ||
== Coverity == | == Coverity == | ||
Our major tool | Our major tool that is located at [https://scan.coverity.com/projects/scummvm?tab=overview this URL]. | ||
To get access, you must be a member of ScummVM Team and issue a request on that page. Ping [[ | To get access, you must be a member of the ScummVM Team and issue a request on that page. Ping [[User:Sev|sev]] for getting your request approved. | ||
Some guidances: | Some guidances: | ||
# The analysis runs every Monday night EU time | # The analysis runs every Monday night EU time and completes at around 3 am. Ping [[User:Sev|sev]] if you want to have it re-analysed. But due to the size of our project, the limitation is to run an analysis every 24 hours. | ||
# Use "Components -> All in Project" for viewing | # Use "Components -> All in Project" for viewing defects in your engine or subsystem (use the hamburger menu for navigation) | ||
# Once you fixed a bug, specify | # Once you have fixed a bug, specify its classification and severity. Action should be "Fixed, tested & documented" and assign an owner to yourself (autocompletion works there) | ||
# Address all possible issues. If you clearly see that it is a false positive, which is rare but happens, feel free to specify "False Positive" | # Address all possible issues. If you clearly see that it is a false positive, which is rare but happens, feel free to specify "False Positive" or "Ignore" but still assign it to yourself | ||
# Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things | # Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things | ||
# Regarding TAINTED SCALAR issues, we have | # Regarding the TAINTED SCALAR issues, we have tons of those that we used to dismiss. Yes, it may lead to an issue when manually crafted game data might lead to a crash or some memory overflow exploits, but once we have the data integrity subsystem implemented, those will be eliminated. | ||
== PVS-Studio == | |||
We use Open Source license from [https://pvs-studio.com/en/pvs-studio/?utm_source=github&utm_medium=organic&utm_campaign=open_source PVS-Studio] - static analyzer for C, C++, C#, and Java code. They were generous in providing us with free access. | |||
<font color=red>IMPORTANT:</font> Per our license requirement, you must mention PVS-Studio in your commit log messages. Please, use the following format: | |||
SUBSYSTEM: Description. PVS-Studio VXXXX | |||
Where VXXXX is the diagnostics number of PVS-Studio. | |||
The tool is run daily on the buildbot machine, every night at around 2am. The reports are available at [https://analysis.scummvm.org/ https://analysis.scummvm.org/]. | |||
To get access, please talk to [[User:Sev|sev]] or [[User:Rootfather|rootfather]], then we add you to .htpasswd | |||
There you may find a set of different log formats. The useful ones are: | |||
* scummvm.html Single downloadable HTML file | |||
* scummvm.fullhtml Multiple files HTML min-website, you may browse it online | |||
* scummvm.vscode.sarif You may load this into Sarif plugin for VSCode. [https://pvs-studio.com/en/docs/manual/6590/ Here is how]. | |||
* scummvm.xml These are consumed by PVS-Studio internal tools | |||
In general, read [https://pvs-studio.com/en/docs/ their manuals], they are comprehensive and nicely written. | |||
== Codacy == | == Codacy == | ||
We use it on GitHub. | We use it on GitHub. | ||
In [[User | In [[User:Sev | sev's]] opinion it is mostly useless. It is an AI-based tool that seemingly runs by pattern matching. As a result, it produces tons of strange complaints about somebody's code formatting standards, etc. | ||
Use at your discretion. | Use at your discretion. | ||