[Gluster-devel] Proposal: Using LLVM clang-analyzer in gluster development

Prasanna Kalever pkalever at redhat.com
Wed May 27 07:04:44 UTC 2015


Hi Ira Cooper, I have seen the reports of both Coverity and Clang.

Clang catches only 60-70 types of bugs; on the other hand, Coverity supports 110-120 (most of them are similar bugs).
Clang has a high ratio of false positives compared to Coverity.

Also, Coverity is a proprietary tool. I even heard that Coverity gives access to use it twice a week/month for free
to our community. But the point here is that everybody cannot get access to run it.

The idea is not to drop Coverity, but rather to reduce defect injection into the project by using Clang-Analyzer.

Best Regards,
Prasanna Kumar K


----- Original Message -----
From: "Ira Cooper" <icooper at redhat.com>
To: "Prasanna Kalever" <pkalever at redhat.com>
Cc: gluster-devel at gluster.org
Sent: Tuesday, May 26, 2015 10:54:31 PM
Subject: Re: [Gluster-devel] Proposal: Using LLVM clang-analyzer in gluster development

Prasanna, have you compared the results to the ones we see via Coverity?

-Ira

----- Original Message -----
> Hi gluster team,
> 
> Proposal:
> 
> Using Clang static analyzer tool for gluster project
> 
> 
> 
> About Clang:
> 
> From a very high level view, Clang has two features
> 
> 1. Clang as a compiler
> 2. Clang as a code analyzer
> 
> The idea here is to use the second point, i.e. Clang as a code analyzer, and
> gcc will still be our default compiler.
> 
> The Clang Static Analyzer is a source code analysis tool that finds bugs in
> C, C++, and Objective-C programs. Given the exact same code base,
> clang-analyzer reported ~70 potential issues. clang is an awesome and free
> tool.
> 
> The reports from clang-analyzer are in HTML, and there's a single file for
> each issue. It generates nice-looking source code with embedded comments
> about which flow was followed all the way down to the problem.
> 
> 
> 
> Why Clang-Analyzer: (Advantages)
> 
> Since it is an open source tool:
>
>        Available to all the developers
>
>        Easy access: we can run the tool while we compile the code
>        (say $ scan-build make)
>
>        No restrictions on the number of runs per week/day/hour/min
>
>        Defects are identified before submitting a patch, thus very little
>        chance of defect injection into the project
> 
> 
> The HTML view of clang is very impressive, with all the source code including
> comments of clang-analyzer, which lead to the defect line number directly.
> 
> I have attached sample clang results for the geo-replication module run on
> the latest 3.7+ glusterfs code; please find them above.
> 
> Thanks for your time.
> 
> Best Regards,
> Prasanna Kumar K.
> 
> 

