Analysis of Haiku Operating System (BeOS Family) by PVS-Studio
Development team of proprietary PVS-Studio C/C++ static analyzer presents their report on the source code of Haiku project in the article, which contains the review of the most suspicious code fragments they discovered.
While the Haiku developers are already using Coverity to identify some problems (mostly security related), PVS-Studio also detects code written in unusual ways or with possibly unexpected behavior. This means it can detect some functional issues, rather than just security problems.
You can read two articles on the official site:
http://www.viva64.com/en/b/0317/
http://www.viva64.com/en/b/0318/
Or have a look at the complete report and help fixing the problems:
Comments
Re: Analysis of Haiku Operating System (BeOS Family) by ...
That was a nice service provided for free by PVS-Studio. Thanks!
Maybe some of the devs can comment on these questions:
Has any of the devs had the chance to take a look at the results yet?
Will there be a concerted effort to fix those bugs?
What's the difference between the Coverity scans and what PVS-Studio does, i.e. why didn't find Coverity the same errors?
What's your favourite blunder? :)
Thanks!
Humdinger
Re: Analysis of Haiku Operating System (BeOS Family) by ...
At least one issue has been already fixed :)
http://cgit.haiku-os.org/haiku/commit/?id=63effa099cceeb049e562c3cbd9128...
Re: Analysis of Haiku Operating System (BeOS Family) by ...
Some of the items in the complete report are false positive (things like "you should use the OS definition instead of redefining the function" - not applicable because we ARE the OS :))
The articles do a good analysis of the problems identified, and you can see why Coverity did not catch them. They are not security issues or things that would cause the code to crash or otherwise use undefined behavior of the C++ language. It seems PVS Studio is able to detect more subtle problems, where the code doesn't crash, but probably will not work as intended. It does so by analysing the code in different ways, such as checking that the indentation matches the actual code flows - which makes it possible to find missing braces, for example, including in subtle cases where a macro is involved.
Re: Analysis of Haiku Operating System (BeOS Family) by ...
I would like to work on some of the issues, to grab my hands deeper in haiku.
Will look at the mailing list for that !