GTK: What the first run of the analyzer looks like in numbers

For some people, introducing a static analyzer into a project looks like an insurmountable obstacle. It is widely believed that the first run produces so many warnings that only two options remain: not to bother with the analyzer at all, or to put the whole team to work on fixing warnings. In this article, we will try to dispel this myth by setting up and configuring the analyzer on the GTK project.





Introduction

GTK – . GTK 4, PVS-Studio. , . PVS-Studio C++ .





GTK

:





4 (Fails) + 1102 (High) + 1159 (Medium) + 3093 (Low) = 5358 .





, .





:





V530 [CWE-252] The return value of function 'g_strrstr_len' is required to be utilized. strfuncs.c 1803





/* Testing functions bounds */
static void
test_bounds (void)
{
  ....
  g_strrstr_len (string, 10000, "BUGS");
  g_strrstr_len (string, 10000, "B");
  g_strrstr_len (string, 10000, ".");
  g_strrstr_len (string, 10000, "");
  ....
}

      
      



, GTK, PVS-Studio.





:





gtk/_build/
gtk/subprojects/
gtk/tests/
gtk/testsuite/

      
      



:





2 (Fails) + 819 (High) + 461 (Medium) + 1725 (Low) = 3007 .





, , — .





, , - . :





V501 There are identical sub-expressions '* (& pipe->ref_count)' to the left and to the right of the '^' operator. gdkpipeiostream.c 65





static GdkIOPipe *
gdk_io_pipe_ref (GdkIOPipe *pipe)
{
  g_atomic_int_inc (&pipe->ref_count);

  return pipe;
}

      
      



- - . . . , :





#V501
//-V:g_atomic_int_:501
#V547
//-V:GTK_IS_:547
//-V:GDK_IS_:547
//-V:G_IS_:547
//-V:G_VALUE_HOLDS:547
#V568
//-V:g_set_object:568

      
      



, V501, V547 V568.





:





2 (Fails) + 773 (High) + 417 (Medium) + 1725 (Low) = 2917 .





. V1042:





V1042 [CWE-1177] This file is marked with copyleft license, which requires you to open the derived source code. main.c 12





, . GTK , :





2 (Fails) + 164 (High) + 417 (Medium) + 1725 (Low) = 2308 .





2 Fails:





  • V002 Some diagnostic messages may contain incorrect line number in this file. gdkrectangle.c 1





  • V002 Some diagnostic messages may contain incorrect line number in this file. gdktoplevelsize.c 1





, , . 1-2 , - . , MSVC.





.





:





164 (High) + 417 (Medium) + 1725 (Low) = 2306 .





, , , , : , . , V501 , :





V501 There are identical sub-expressions 'G_PARAM_EXPLICIT_NOTIFY' to the left and to the right of the '|' operator. gtklistbase.c 1151





static void
gtk_list_base_class_init (GtkListBaseClass *klass)
{
  ....
  properties[PROP_ORIENTATION] =
    g_param_spec_enum ("orientation",
                       P_("Orientation"),
                       P_("The orientation of the orientable"),
                       GTK_TYPE_ORIENTATION,
                       GTK_ORIENTATION_VERTICAL,
                       G_PARAM_READWRITE |
                       G_PARAM_EXPLICIT_NOTIFY |  // <=
                       G_PARAM_EXPLICIT_NOTIFY);  // <=
  ....
}
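
The filtering steps above (directory exclusions, the //-V: suppression lines, and the V1042 and V002 warnings leaving the count), replayed over the warnings quoted in this article. This is an added example, not code from the article or from PVS-Studio. Assumptions: the dictionary report format, the PLACEHOLDER directories, dropping V1042 and V002 wholesale, and matching a //-V: rule as a substring of the flagged source line are all constructed for illustration.

```python
import re

# Directory exclusions and suppression lines copied from the article.
EXCLUDED_DIRS = ("gtk/_build/", "gtk/subprojects/", "gtk/tests/", "gtk/testsuite/")
PVSCONFIG = """\
#V501
//-V:g_atomic_int_:501
#V547
//-V:GTK_IS_:547
//-V:GDK_IS_:547
//-V:G_IS_:547
//-V:G_VALUE_HOLDS:547
#V568
//-V:g_set_object:568
"""
DISABLED = {"V1042", "V002"}  # assumption: dropped wholesale, as the counts suggest
RULE = re.compile(r"^//-V:([^:]+):(\d+)$")

def parse_rules(config):
    """Return (text, diagnostic) pairs; lines that are not //-V: rules are skipped."""
    matches = (RULE.match(line.strip()) for line in config.splitlines())
    return [(m.group(1), "V" + m.group(2)) for m in matches if m]

def triage(warnings, rules):
    """Split warnings into kept ones and (warning, reason) pairs for dropped ones."""
    kept, dropped = [], []
    for w in warnings:
        if w["file"].startswith(EXCLUDED_DIRS):
            dropped.append((w, "excluded directory"))
        elif w["code"] in DISABLED:
            dropped.append((w, "diagnostic disabled"))
        elif any(code == w["code"] and text in w["line"] for text, code in rules):
            dropped.append((w, "macro suppression"))  # rule is tied to one diagnostic
        else:
            kept.append(w)
    return kept, dropped

# Constructed sample: codes and file names are from the article, directories are placeholders.
SAMPLE = [
    {"code": "V530", "file": "gtk/subprojects/PLACEHOLDER/strfuncs.c",
     "line": 'g_strrstr_len (string, 10000, "BUGS");'},
    {"code": "V501", "file": "gtk/PLACEHOLDER/gdkpipeiostream.c",
     "line": "g_atomic_int_inc (&pipe->ref_count);"},
    {"code": "V1042", "file": "gtk/PLACEHOLDER/main.c", "line": ""},
    {"code": "V002", "file": "gtk/PLACEHOLDER/gdkrectangle.c", "line": ""},
    {"code": "V501", "file": "gtk/PLACEHOLDER/gtklistbase.c", "line": "G_PARAM_EXPLICIT_NOTIFY |"},
]

if __name__ == "__main__":
    kept, dropped = triage(SAMPLE, parse_rules(PVSCONFIG))
    for w, reason in dropped:
        print("dropped", w["code"], w["file"], "->", reason)
    for w in kept:
        print("kept   ", w["code"], w["file"])
```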

      
      



! . 57%. , .





, , . , , . , .





.





, , . , , , . , .





, . , . , , , . , . , EFL Core Libraries , , 10-15% . , , 1-2 8-9 .





, . . . , . " legacy ".





.





, : Svyatoslav Razmyslov. GTK: The First Analyzer Run in Figures.







