[tor-commits] [tor/master] Add more checkers to scan-build.

[nickm at torproject.org]

commit f9f3014ce657976aa81dc6c1fae9175f9b1f9c20
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Sep 12 21:31:59 2017 -0400

    Add more checkers to scan-build.
---
 scripts/test/scan-build.sh | 60 +++++++++++++++++++++++++++++++---------------
 1 file changed, 41 insertions(+), 19 deletions(-)

diff --git a/scripts/test/scan-build.sh b/scripts/test/scan-build.sh
index 765297ee6..fdd1c7a4f 100755
--- a/scripts/test/scan-build.sh
+++ b/scripts/test/scan-build.sh
@@ -5,7 +5,46 @@
 # This script is used for running a bunch of clang scan-build checkers
 # on Tor.
 
-CHECKERS=""
+# These don't seem to cause false positives in our code, so let's turn
+# them on.
+CHECKERS="\
+    -enable-checker alpha.core.CallAndMessageUnInitRefArg \
+    -enable-checker alpha.core.CastToStruct \
+    -enable-checker alpha.core.Conversion \
+    -enable-checker alpha.core.FixedAddr \
+    -enable-checker alpha.core.IdenticalExpr \
+    -enable-checker alpha.core.PointerArithm \
+    -enable-checker alpha.core.SizeofPtr \
+    -enable-checker alpha.core.TestAfterDivZero \
+    -enable-checker alpha.security.MallocOverflow \
+    -enable-checker alpha.security.ReturnPtrRange \
+    -enable-checker alpha.unix.BlockInCriticalSection \
+    -enable-checker alpha.unix.Chroot \
+    -enable-checker alpha.unix.PthreadLock \
+    -enable-checker alpha.unix.PthreadLock \
+    -enable-checker alpha.unix.SimpleStream \
+    -enable-checker alpha.unix.Stream \
+    -enable-checker alpha.unix.cstring.BufferOverlap \
+    -enable-checker alpha.unix.cstring.NotNullTerminated \
+    -enable-checker alpha.valist.CopyToSelf \
+    -enable-checker alpha.valist.Uninitialized \
+    -enable-checker alpha.valist.Unterminated \
+    -enable-checker security.FloatLoopCounter \
+    -enable-checker security.insecureAPI.strcpy \
+"
+
+# These have high false-positive rates.
+EXTRA_CHECKERS="\
+    -enable-checker alpha.security.ArrayBoundV2 \
+    -enable-checker alpha.unix.cstring.OutOfBounds \
+    -enable-checker alpha.core.CastSize \
+"
+
+# These don't seem to generate anything useful
+NOISY_CHECKERS="\
+    -enable-checker alpha.clone.CloneChecker \
+    -enable-checker alpha.deadcode.UnreachableCode \
+"
 
 scan-build \
     $CHECKERS \
@@ -18,27 +57,10 @@ scan-build \
     make -j5 -k
 
 CHECKERS="\
-    -disable-checker deadcode.DeadStores \
-    -enable-checker alpha.core.CastSize \
-    -enable-checker alpha.core.CastToStruct \
-    -enable-checker alpha.core.IdenticalExpr \
-    -enable-checker alpha.core.SizeofPtr \
-    -enable-checker alpha.security.ArrayBoundV2 \
-    -enable-checker alpha.security.MallocOverflow \
-    -enable-checker alpha.security.ReturnPtrRange \
-    -enable-checker alpha.unix.SimpleStream
-    -enable-checker alpha.unix.cstring.BufferOverlap \
-    -enable-checker alpha.unix.cstring.NotNullTerminated \
-    -enable-checker alpha.unix.cstring.OutOfBounds \
-    -enable-checker alpha.core.FixedAddr \
-    -enable-checker security.insecureAPI.strcpy \
-    -enable-checker alpha.unix.PthreadLock \
-    -enable-checker alpha.core.PointerArithm \
-    -enable-checker alpha.core.TestAfterDivZero \
 "
 
 # This one gives a false positive on every strcmp.
 #    -enable-checker alpha.core.PointerSub
 
 # Needs work
-#  alpha.unix.MallocWithAnnotations ??
+#    -enable-checker alpha.unix.MallocWithAnnotations