Difference between revisions of "HOWTO-Static Analysis Tools"

Jump to navigation Jump to search

HOWTO-Static Analysis Tools (view source)

Revision as of 11:51, 22 July 2022

7 bytes added ,  11:51, 22 July 2022
m
Grammer fixis
(Fix formatting and grammar)
m (Grammer fixis)
Line 4: Line 4:


== Coverity ==
== Coverity ==
Our major tool, located at [https://scan.coverity.com/projects/scummvm?tab=overview this URL].
Our major tool that is located at [https://scan.coverity.com/projects/scummvm?tab=overview this URL].


To get access, you must be a member of ScummVM Team and issue a request on that page. Ping [[User:Sev|sev]] for getting your request approved.
To get access, you must be a member of the ScummVM Team and issue a request on that page. Ping [[User:Sev|sev]] for getting your request approved.


Some guidances:
Some guidances:
Line 15: Line 15:
# Address all possible issues. If you clearly see that it is a false positive, which is rare but happens, feel free to specify "False Positive" or "Ignore" but still assign it to yourself
# Address all possible issues. If you clearly see that it is a false positive, which is rare but happens, feel free to specify "False Positive" or "Ignore" but still assign it to yourself
# Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things
# Be super vigilant regarding High Impact issues such as memory leaks, use-after-free and other things
# Regarding TAINTED SCALAR issues, we have great tons of those and we used to dismiss them. Yes, it may lead to an issue when manually crafted game data might lead to a crash or some memory overflow exploits, but once we have the data integrity subsystem implemented, those will be eliminated.
# Regarding the TAINTED SCALAR issues, we have tons of those that we used to dismiss. Yes, it may lead to an issue when manually crafted game data might lead to a crash or some memory overflow exploits, but once we have the data integrity subsystem implemented, those will be eliminated.




== Codacy ==
== Codacy ==
We use it on GitHub.
We use it on the GitHub.


In [[User:Sev | sev's]] opinion it is mostly useless. It is an AI-based tool that seemingly runs by pattern matching. As a result, it produces tons of strange complaints about somebody's standards of code formatting etc.
In [[User:Sev | sev's]] opinion it is mostly useless. It is an AI-based tool that seemingly runs by pattern matching. As a result, it produces tons of strange complaints about somebody's code formatting standards, etc.


Use at your discretion.
Use at your discretion.
Retrieved from "https://wiki.scummvm.org/index.php?title=Special:MobileDiff/35364"

Navigation menu