cadvise? HP-UX cadvise (Code Advisor), a lint-like static checker:

http://h21007.www2.hp.com/portal/site/dspp/menuitem.863c3e4cbcdc3f3515b49c108973a801/?ciid=8b08a31f05f02110a31f05f02110275d6e10RCRD

Don't blame me for that URL - on that page there's a link for the "User Guide" and "Diagnostics Reference Guide", but I am out of random hexdigit URL quota for now.

H.Merijn was kind enough to install that to the p5p-hpux. I then used the cadvise_cc wrapper recipe (see the above doc) and cadvise +wall ("warnings turned to eleven") with blead f83e001e and

    ./Configure -des -Dusedevel -Dusethreads -DDEBUGGING -Dcc=$PWD/cadvise_cc

The results? The executive summary: lots of noise. I *did* turn the warnings to eleven, much of which we could get from e.g. gcc/clang options like -Wshadow, -Wcast-align, -Wconversion, all of which bring a lot of wailing forth from the core, and are probably not worth fixing en masse. The sad part is that *some* of those hundreds of warnings *might* be a sign of more serious bugs.

But there seem to be some nuggets in there, of less and possibly more value, like:

    "op.c", line 12164: warning #2228-D: trailing comma is nonstandard
        AAS_DEFAV = 0x200, /* contains just a single '@_' on RHS */
                         ^

One cool thing I noticed is that among other things this tool has basically taint checking for C code: it detects evil vapours from the outside (like I/O or getenv) affecting the code flow. Something that people might want to take a closer look at.

Medium level (engineering manager?) summary at the end (the output of cadvise report -pdb mypdb), with counts per warning type.

Detailed level (engineer?) summary at this link (the output of cadvise report -pdb mypdb --all)

https://www.dropbox.com/s/mdz5z42abixmm2f/cadvise%2Bwall-report-all-blead-f83e001e.txt.gz?dl=0

---

Report generated using "HP Code Advisor C.02.30 [March 1 2013]" on p5p-hpux at Wed Oct 7 01:43:01 2015
Report command line: "/opt/cadvise/bin/cadvise report -pdb mypdb "

=============================== SUMMARY REPORT =================================
Unique warnings: 5875
Duplicate warnings: 5676

Sev. Count  Diagnostic Message
--------------------------------------------------------------------------------
   8    42  warning #2549-D: "variable" is used before its value is set
   7     1  warning #4277-D: logical AND with a constant, do you mean to use '&'?
   7     6  warning #20206-D: Possible out of bound access (%s)
   6     2  warning #2187-D: use of "=" where "==" may have been intended
   6     5  warning #2940-D: missing return statement at end of non-void function
   6    16  warning #20037-D: variable "%s" may be used before its value is set
   6    34  warning #4354-D: One of the operands of the %sq operation is a string literal, strcmp() is recommended for such comparison
   5     1  warning #2228-D: trailing comma is nonstandard
   5     3  warning #2191-D: type qualifier is meaningless on cast type
   5     3  warning #20207-D: Out of bound access (%s)
   5     3  warning #20208-D: Forming out of bound address (%s)
   5     6  warning #4275-D: constant out of range (%s) for the operator
   5     6  warning #20117-D: (SECURITY) Tainted value may be used in array index expression
   5     8  warning #4289-D: endian porting: the definition of the union may be endian dependent
   5     9  warning #4299-D: 64 bit migration: multiply result could be truncated before cast to bigger sized type
   5    12  warning #20112-D: (SECURITY) Tainted data may be copied to the target buffer
   5    27  warning #20111-D: (SECURITY) Tainted data may be used in data length computation
   5    31  warning #20114-D: (SECURITY) Tainted value may be used in loop exit condition computation
   5    34  warning #20118-D: Tainted value may be used in pointer arithmetic expression
   5    45  warning #4249-D: 64 bit migration: value could be truncated before cast to bigger sized type.
   5   107  warning #4292-D: endian porting: the dereference of cast pointer may be endian dependent
   5   164  warning #3348-D: declaration hides %nd
   5   168  warning #4232-D: conversion from %t1 to a more strictly aligned type %t2 may cause misaligned access
   5   240  warning #4276-D: relational operator %sq always evaluates to 'false'
   5   597  warning #20200-D: Potential null pointer dereference %s%s is detected %s
   4     1  warning #20202-D: Allocated memory may potentially be leaked %s
   4    22  warning #2111-D: statement is unreachable
   4    22  warning #2550-D: %n was set but never used
   4    55  warning #4296-D: %s operation on boolean type
   4   403  remark #4356-D: operand of sizeof is a constant rvalue, this might not be what you intended
   3     1  warning #2068-D: integer conversion resulted in a change of sign
   3     1  remark #3813-D: empty dependent statement in if-statement
   3     2  remark #3817-D: nonstandard number of parameters for "main", expected zero or two parameters
   3     2  remark #6284-D: declaration hides %nd
   3     4  remark #2177-D: %n was declared but never referenced
   3     9  remark #4273-D: floating-point equality and inequality comparisons may be inappropriate due to roundoff common in floating-point computation
   3    12  remark #2826-D: %n was never referenced
   3    12  remark #4315-D: %s loop without body, did you insert an extra ';'?
   3    16  remark #4264-D: padding size of struct <anonymous> with %s bytes to alignment boundary
   3    19  warning #20119-D: (SECURITY) Use of API may be unsafe.
   3    55  remark #4298-D: 64 bit migration: addition result could be truncated before cast to bigger sized type
   3    63  remark #4231-D: 64 bit migration: conversion between types of different sizes has occurred
   3   278  remark #4235-D: conversion from %t1 to %t2 may lose significant bits
   3   403  remark #4229-D: 64 bit migration: conversion from a larger type to a smaller type may truncate value
   3   512  warning #4364-D: endian porting: type cast is endian dependent
   3   546  remark #4278-D: the subexpression in logical expression is a constant
   3   673  remark #4237-D: type cast from %t1 to %t2 may cause sign extension to a larger size integer.
   3  1154  remark #4272-D: conversion from %t1 to %t2 may lose sign
   1    12  remark #4255-D: padding size of struct %sq1 with %s2 bytes to alignment boundary
   1    28  remark #4227-D: padding struct with %s1 bytes to align member %sq2
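
The taint diagnostics mentioned above (for instance #20117-D, "Tainted value may be used in array index expression") concern flows like the one below. This is an added example, not Perl core code and not part of the original post; the table, the function names and the EXAMPLE_LEVEL variable are hypothetical, and it is an assumption that cadvise reports this exact code.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define NLEVELS 4
static const char *const level_name[NLEVELS] =
    { "quiet", "normal", "verbose", "debug" };

/* Unchecked: the environment string flows straight into the index.
 * atoi() reports no errors, so "-1", "99" or "junk" all reach the
 * array access. Shown for contrast; main() never calls it. */
const char *level_unchecked(const char *env_value)
{
    int i = atoi(env_value);      /* value from outside the program */
    return level_name[i];         /* tainted array index */
}

/* Checked: parse strictly, then range-check before any use.
 * Returns 0 and stores the index on success, -1 on invalid input. */
int parse_level(const char *env_value, size_t *out)
{
    char *end;
    long v;

    if (env_value == NULL || *env_value == '\0')
        return -1;                              /* unset or empty */
    errno = 0;
    v = strtol(env_value, &end, 10);
    if (end == env_value || *end != '\0' || errno == ERANGE)
        return -1;                 /* no digits, trailing junk, overflow */
    if (v < 0 || v >= NLEVELS)
        return -1;                              /* outside the table */
    *out = (size_t)v;
    return 0;
}

/* Falls back to "normal" whenever the input does not validate. */
const char *level_checked(const char *env_value)
{
    size_t i;
    return parse_level(env_value, &i) == 0 ? level_name[i] : level_name[1];
}

int main(void)
{
    /* EXAMPLE_LEVEL is a hypothetical variable name for this example. */
    printf("level: %s\n", level_checked(getenv("EXAMPLE_LEVEL")));
    return 0;
}
```

The same validate-then-use shape applies to the loop-bound (#20114-D) and length-computation (#20111-D) variants listed in the report.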