PSA: If you are C/C++ developer, use cppcheck

Martin Milata mmilata at redhat.com
Thu Jan 2 11:43:39 UTC 2014


On Mon, Dec 30, 2013 at 15:58:18 +0200, Ville Skyttä wrote:
> On Sat, Dec 28, 2013 at 7:30 AM, Rahul Sundaram <metherid at gmail.com> wrote:
> > I ended up running scan-build from clang-analyzer and found
> > more memory leaks, null pointer dereferences and other issues that cppcheck
> > doesn't find. I am going to try and send in some patches if I can.
> 
> Me too. In many cases I didn't even try patching myself yet but just
> stored generated reports in my fedorapeople site and sent links to
> those to upstreams, and the response so far has been quite favourable.
> 
> By the way, I also took a look into how scan-build could be run in
> mock builds without modifying the source packages at all, and with
> minimal mock config modifications. What I came up with so far is this
> fugly hack which appears to work for many packages using autotools or
> cmake.
> 
> 1) Add scan-build to mock's chroot_setup_cmd, for example:
> config_opts['chroot_setup_cmd'] = 'install @buildsys-build /usr/bin/scan-build'
> 
> 2) Set up an alias and use it instead of plain mock (everything on one line):
> alias mock-scan-build="mock --define '__scan_build
> /usr/bin/scan-build' --define '_configure %__scan_build ./configure'
> --define '__cmake %__scan_build %{_bindir}/cmake' --define '__make
> %__scan_build %{_bindir}/make' --define '___build_template
> #!%{___build_shell}\\"$'\n'"alias make=\"%__make\"
> cmake=\"%__cmake\"\\"$'\n'"%{___build_pre}\\"$'\n'"%{nil}'"

You might be interested in mock-with-analysis [1], a mock wrapper that can
run several static analyzers on unmodified SRPMs and extract the results
in a machine-readable format.

Martin

[1] https://github.com/fedora-static-analysis/mock-with-analysis

