[analyzer] Any real projects for testing Static Analyzer?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[analyzer] Any real projects for testing Static Analyzer?

Fangrui Song via cfe-dev

Hi, all.


What (open) projects do you use to test CSA (features, performance, etc.)?

I was trying to find any, but it is harder then I thought. I'm using Windows and many projects use posix includes.


My aim is to test performance of my patch. Or maybe somebody could do this for me :).



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine


_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [analyzer] Any real projects for testing Static Analyzer?

Fangrui Song via cfe-dev
Hi Denis,

I am using csa-testbanch to test the performance and stability of my patches. It can aggregate the analyzer statistics and provides really nice charts. Under the hood it uses CodeChecker.
The usual projects I run the tests are (in increasing complexity for the analyzer):
  • tmux
  • curl
  • redis
  • xerces
  • bitcoin
  • protobuf
Here are two example configurations that I use for the testbanch:
Note, these config files describe how to build the projects and what kind of parameters to add to each analyzer invocations.

Cheers,
Gabor

On Wed, May 13, 2020 at 1:37 PM Denis Petrov via cfe-dev <[hidden email]> wrote:

Hi, all.


What (open) projects do you use to test CSA (features, performance, etc.)?

I was trying to find any, but it is harder then I thought. I'm using Windows and many projects use posix includes.


My aim is to test performance of my patch. Or maybe somebody could do this for me :).



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [analyzer] Any real projects for testing Static Analyzer?

Fangrui Song via cfe-dev

​Thank you, Gabor.


Please, tell how to run analysis of the whole project from cmd line?

I know how to analyze a sample file with stats:
clang --analyze -Xclang -analyzer-stats​ sample.cpp

But how to analyze e.g. https://github.com/protocolbuffers/protobuf or https://github.com/webmproject/libwebm

What line should be if I want to use exactly raw command?



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine


От: Gábor Márton <[hidden email]>
Отправлено: 13 мая 2020 г. 19:40
Кому: Denis Petrov
Копия: cfe-dev
Тема: Re: [cfe-dev] [analyzer] Any real projects for testing Static Analyzer?
 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.  If you suspect potential phishing or spam email, report it to [hidden email]

Hi Denis,

I am using csa-testbanch to test the performance and stability of my patches. It can aggregate the analyzer statistics and provides really nice charts. Under the hood it uses CodeChecker.
The usual projects I run the tests are (in increasing complexity for the analyzer):
  • tmux
  • curl
  • redis
  • xerces
  • bitcoin
  • protobuf
Here are two example configurations that I use for the testbanch:
Note, these config files describe how to build the projects and what kind of parameters to add to each analyzer invocations.

Cheers,
Gabor

On Wed, May 13, 2020 at 1:37 PM Denis Petrov via cfe-dev <[hidden email]> wrote:

Hi, all.


What (open) projects do you use to test CSA (features, performance, etc.)?

I was trying to find any, but it is harder then I thought. I'm using Windows and many projects use posix includes.


My aim is to test performance of my patch. Or maybe somebody could do this for me :).



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [analyzer] Any real projects for testing Static Analyzer?

Fangrui Song via cfe-dev
In reply to this post by Fangrui Song via cfe-dev

BTW,


I am trying to get a report from tinyxml2 (https://github.com/leethomason/tinyxml2) project running:
scan-build -stats -o . --use-analyzer=<path>\clang.exe make

preliminarily adding next `devision by zero` function to tinyxml2.cpp​ file .

int f(bool is)
{
  int x = 0;
  int y = x;
  int z = 0;
  if(y == 0)
  {
    z = 12 / x;
  }
  return z;
}

But the result is:

scan-build: Analysis run complete.
scan-build: Removing directory '<path>/tinyxml2-master/build/2020-05-14-215742-2708-1' because it contains no reports.
scan-build: No bugs found.


What am ​I doing wrong?



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine


От: Gábor Márton <[hidden email]>
Отправлено: 13 мая 2020 г. 19:40
Кому: Denis Petrov
Копия: cfe-dev
Тема: Re: [cfe-dev] [analyzer] Any real projects for testing Static Analyzer?
 

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.  If you suspect potential phishing or spam email, report it to [hidden email]

Hi Denis,

I am using csa-testbanch to test the performance and stability of my patches. It can aggregate the analyzer statistics and provides really nice charts. Under the hood it uses CodeChecker.
The usual projects I run the tests are (in increasing complexity for the analyzer):
  • tmux
  • curl
  • redis
  • xerces
  • bitcoin
  • protobuf
Here are two example configurations that I use for the testbanch:
Note, these config files describe how to build the projects and what kind of parameters to add to each analyzer invocations.

Cheers,
Gabor

On Wed, May 13, 2020 at 1:37 PM Denis Petrov via cfe-dev <[hidden email]> wrote:

Hi, all.


What (open) projects do you use to test CSA (features, performance, etc.)?

I was trying to find any, but it is harder then I thought. I'm using Windows and many projects use posix includes.


My aim is to test performance of my patch. Or maybe somebody could do this for me :).



Denys Petrov
Senior С++ Developer | Kharkiv, Ukraine

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev

_______________________________________________
cfe-dev mailing list
[hidden email]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev