Re: Clang static checking support now available
On 3/31/13 8:05 AM, ISHIKAWA, Chiaki wrote: Has mozilla considered using this free service before? Yes. You can query bugzilla for coverity-based bug reports... The false positive rate was very very high, last time it was tried. -Boris ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Clang static checking support now available
On 3/31/2013 8:05 AM, ISHIKAWA, Chiaki wrote: > Now, I know that a commercial testing tool maker is offering free scan > service > for open source project. > See > http://scan.coverity.com/project_register.html > > Has mozilla considered using this free service before? > And if not, why not? Coverity has been run multiple times on the Mozilla codebase[1]. The bugs I've seen have been a mix of real issues and harmless things. -Ted 1. https://bugzilla.mozilla.org/buglist.cgi?quicksearch=keyword%3Acoverity ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Clang static checking support now available
(2013/03/29 14:31), Joshua Cranmer 🐧 wrote: On 3/25/2013 11:40 PM, Joshua Cranmer 🐧 wrote: As of yesterday, clang static-checking support has been checked into the tree. To use it, compile with clang 3.2 (tip-of-trunk may or may not work) and --enable-clang-plugin on a Linux machine. Mac support is currently not enabled since I don't own a Mac and the build system for this kind of stuff is really, really crappy. It is also not yet usable on try for reasons to do with header incompatibilities, although this will appear to be resolvable within a day or two if things go well. This is now usable on try. The current complicated steps to do so are: [...] I am currently working with releng to make this process less painful by getting a builder that is dedicated to running these sorts of steps. See bug 851753 for current progress. As a side note, I will point out that we already have our first static checking failure checked into the tree, thanks to bug 840417. I think static testing is a great tool to improve the quality of software. It is not a silver bullet, but still very useful. So this is a welcome addition to mozilla development infrastructure and I would like to thank Joshua Cranmer in having this implemented. Now, I know that a commercial testing tool maker is offering free scan service for open source project. See http://scan.coverity.com/project_register.html Has mozilla considered using this free service before? And if not, why not? I am just curious. Linux source has been tested with these and there were many bug fixes contributed by the coverity scan (and its predecessor at research level). If mozilla as an organization can't spend time on getting the source tested, someone may be interested in registering the private repo and having it tested and reporting the result now and then. TIA ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Re: Clang static checking support now available
On 3/25/2013 11:40 PM, Joshua Cranmer 🐧 wrote: As of yesterday, clang static-checking support has been checked into the tree. To use it, compile with clang 3.2 (tip-of-trunk may or may not work) and --enable-clang-plugin on a Linux machine. Mac support is currently not enabled since I don't own a Mac and the build system for this kind of stuff is really, really crappy. It is also not yet usable on try for reasons to do with header incompatibilities, although this will appear to be resolvable within a day or two if things go well. This is now usable on try. The current complicated steps to do so are: 1. Copy browser/config/tooltool-manifests/linux64/clang.manifest to browser/config/tooltool-manifests/linux64/releng.manifest (you can also do the same for linux32). 2. Edit build/unix/mozconfig.linux to use clang instead of gcc as the compiler, and to add --enable-clang-plugin to the list of options. It should look as follows: if [ -d "$topsrcdir/clang" ]; then # mozilla-central based build export CC=$topsrcdir/clang/bin/clang export CXX=$topsrcdir/clang/bin/clang++ export LLVMCONFIG=$topsrcdir/clang/bin/llvm-config elif [ -d "$topsrcdir/../clang" ]; then # comm-central based build export CC=$topsrcdir/../clang/bin/clang export CXX=$topsrcdir/../clang/bin/clang++ export LLVMCONFIG=$topsrcdir/../clang/bin/llvm-config fi ac_add_options --enable-clang-plugin 3. Push to try that builds on Linux64, debug or opt. I am currently working with releng to make this process less painful by getting a builder that is dedicated to running these sorts of steps. See bug 851753 for current progress. As a side note, I will point out that we already have our first static checking failure checked into the tree, thanks to bug 840417. -- Joshua Cranmer Thunderbird and DXR developer Source code archæologist ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
Clang static checking support now available
As of yesterday, clang static-checking support has been checked into the tree. To use it, compile with clang 3.2 (tip-of-trunk may or may not work) and --enable-clang-plugin on a Linux machine. Mac support is currently not enabled since I don't own a Mac and the build system for this kind of stuff is really, really crappy. It is also not yet usable on try for reasons to do with header incompatibilities, although this will appear to be resolvable within a day or two if things go well. So what does this static checking do? Currently, it only verifies the correctness of MOZ_MUST_OVERRIDE. Details of what this does exactly may be found in mfbt/Attributes.h, but it effectively requires all subclasses of a class to override a given method and reports an error if this is not the case. I plan to port the NS_STACK_CLASS of the old dehydra interface to the new checker as well, and am considering porting the static initializer warning as well. The other old analyses I am planning on ditching as either superseded by other features (the NS_FINAL/NS_OVERRIDE, now in C++11) or of arguable correctness (the outparams analysis). -- Joshua Cranmer Thunderbird and DXR developer Source code archæologist ___ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
