Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <20162017  2018  2019  2020  2021  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <20162017  2018  2019  2020  2021 
<== Date ==> <== Thread ==>

Subject: Re: CII Best Practices Badge Status
From: Andrew Johnson <anj@aps.anl.gov>
To: Michael Davidsaver <mdavidsaver@gmail.com>, EPICS core-talk <core-talk@aps.anl.gov>
Date: Mon, 5 Dec 2016 18:15:00 -0600
On 12/05/2016 05:25 PM, Michael Davidsaver wrote:
> On 12/05/2016 05:31 PM, Andrew Johnson wrote:
>> Does anyone have recent experience with static code analysis tools?
>> There are examples and links under the "show details" area for this
>> section of the Best Practices page. I could use some help here.
> 
> I made some use of cppcheck with a project this past spring.  It's easy
> to run, packaged by debian (thus available on travis-ci.org), and FOSS.
> The downsides are those common to static analysis.  It's chatty.
> 
> That said.  I just ran it on src/libCom/ and quickly parsed through the
> output.  cppcheck finds an potential memory leak in macEnv.c.
> 
>> [src/libCom/macLib/macEnv.c:66]: (error) Common realloc mistake: 'dest' nulled but not freed upon failure
> 
>> dest = realloc(dest, n);

I believe that particular spot is actually a false positive, the
realloc() call there only ever _reduces_ the size of the allocated
buffer, so it should never actually fail. If the destination buffer is
no longer needed (n==0, but I don't know if that is actually possible)
then the realloc() call would free the buffer and return NULL, which is
exactly what would be wanted anyway.

> Sorting through this for all of Base will take some time.
> 
> http://cppcheck.sourceforge.net/

Thanks, I will take a look (it is packaged for RHEL-7 as is the GUI so I
just installed both). I like that there's a Jenkins plugin, although
it's currently orphaned (in search of a maintainer). Do you have any
config files for Base already?

- Andrew

-- 
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of
speech because I have nothing to say." -- Edward Snowdon

References:
CII Best Practices Badge Status Andrew Johnson
Re: CII Best Practices Badge Status Michael Davidsaver

Navigate by Date:
Prev: Re: CII Best Practices Badge Status Michael Davidsaver
Next: Build failed in Jenkins: epics-base-3.14-sol #83 APS Jenkins
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <20162017  2018  2019  2020  2021 
Navigate by Thread:
Prev: Re: CII Best Practices Badge Status Michael Davidsaver
Next: Build failed in Jenkins: epics-base-3.14-sol #83 APS Jenkins
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  <20162017  2018  2019  2020  2021 
ANJ, 07 Dec 2016 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·