Static analysis

billw2015

I have been working through issues detected by cppcheck on my PC, fixing them (very many, I may never finish).
But I also ran Coverity.
If you want to see the results then sign in here with your GitHub account: https://scan.coverity.com/users/sign_in
Hopefully after that this link should work: https://scan.coverity.com/projects/caveman2cosmos-caveman2cosmos?tab=overview
Then you can click the red + View Defects on the right to see the results.

If you don't see the View Defects button but instead something like Request access then click that and request access as "Defect Viewer" and it should be automatically approved. I can upgrade you later to contributor or maintainer.

It finds many different types of logic errors, unsafe memory usage, bad code constructs etc.
 
I can't see anything in your link (first it said to log in with a GitHub account and then a 401 error was shown).
I guess you need to screenshot it.
 
I guess only repository owner can see stuff related to it on this website.
No it should be visible read only to anyone, even people not on the project as long as you sign in. I will try with my other account and see what is wrong.
 
No it should be visible read only to anyone, even people not on the project as long as you sign in. I will try with my other account and see what is wrong.
You had a broken link here when I wrote that comment.
Now it works properly.

Now I wonder if these defects slow down the game, cause random nonrepeatable crashes, repeatable crashes that happen only on Windows 10 or Windows 7, and cause memory leaks here and there.
The game very rarely crashes on launch, when generating a map or loading a save.
Also, the game will crash eventually if you keep loading saves without restarting it.

By the way, you need to press "add me to project" at the top to see more information.
Then billw must approve your request.
Observer/User is for those who just want to look at progress.
 
Just to confirm you can see the full defect list without me needing to approve you for access?
i.e. This thing:
[Screenshot: upload_2019-8-25_16-53-50.png]



Now I wonder if these defects slow down the game, cause random nonrepeatable crashes, repeatable crashes that happen only on Windows 10 or Windows 7, and cause memory leaks here and there.
Any and all of the above, depending on the issue. Things like 'out of bounds write' for instance could mean that random other variables or data are overwritten by garbage. This would manifest as any number of weird and wonderful behaviors depending on what is overwritten and with what values. It's often referred to as a memory scribble, and that does a fair job of evoking the implications.
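The "memory scribble" described above, as an added example that is not from the thread or the Caveman2Cosmos code base: `PlotData`, its fields and the setter names are hypothetical. An unvalidated index one past the end of an array silently changes the neighbouring field, while the bounds-checked setter rejects it.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical game record: a fixed array followed directly by an unrelated field.
struct PlotData {
    int yields[4];
    int ownerId;
};
static_assert(offsetof(PlotData, ownerId) == 4 * sizeof(int),
              "demo assumes ownerId sits directly after yields");

// Models the defect: the index is never validated. The write goes through a
// byte pointer into the enclosing object, so idx 0..4 stays well-defined here;
// idx == 4 lands on ownerId instead of a yield slot.
void setYieldUnchecked(PlotData& p, std::size_t idx, int value) {
    unsigned char* base = reinterpret_cast<unsigned char*>(&p);
    std::memcpy(base + idx * sizeof(int), &value, sizeof value);
}

// The fix a checker is asking for: reject indexes outside the array.
bool setYieldChecked(PlotData& p, std::size_t idx, int value) {
    if (idx >= sizeof p.yields / sizeof p.yields[0]) return false;
    p.yields[idx] = value;
    return true;
}

// Returns ownerId after writing 9999 at idx with the chosen setter.
int ownerAfterWrite(std::size_t idx, bool checked) {
    PlotData p = {{1, 2, 3, 4}, 7};
    if (checked) setYieldChecked(p, idx, 9999);
    else setYieldUnchecked(p, idx, 9999);
    return p.ownerId;
}

int main() {
    std::printf("in-bounds write, owner = %d\n", ownerAfterWrite(3, false));
    std::printf("off-by-one unchecked, owner = %d\n", ownerAfterWrite(4, false));
    std::printf("off-by-one checked, owner = %d\n", ownerAfterWrite(4, true));
    return 0;
}
```

In real code the stray write is undefined behaviour and may land on anything, which is why the symptoms vary from run to run.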
 
Just to confirm you can see the full defect list without me needing to approve you for access?
i.e. This thing:
Nope, I'm getting this error, when clicking on "view defects"
401: Unauthorized
Sorry, your credentials are not valid for this resource.
 
Damn, I changed you to Contributor/Member, it should let you see. Maybe take a while to update credentials?
 
Outstanding new tool there. When I have more bandwidth for the project I'll take a look at running it myself.
We don't run it ourselves, just submit data to them and they run it. We are also limited to running it only a few times a week on a free account, and it takes an hour+.
Instead you should just check out the existing results. Once we think we have tackled some of the problems we can just run it again to update.

It is certainly pretty clever, it is detecting copy pasted code, where it thinks there is an error, e.g.:
https://scan8.coverity.com/reports....27974&mergedDefectId=247563&eventId=9727974-1
Click on these to switch between where it thinks the code was copied from and to:
[Screenshot: upload_2019-8-25_17-12-53.png]



This might actually be an error?
However even if these places aren't errors, they ARE places that can be refactored to remove redundant code that only differs by a single function call or variable.
 
Here is a better example, almost certain this is indeed a copy paste error:
[Screenshot: upload_2019-8-25_17-16-44.png]



And here:
[Screenshot: upload_2019-8-25_17-19-10.png]



A classic:
[Screenshot: upload_2019-8-25_17-21-11.png]



Looks dodgy:
[Screenshot: upload_2019-8-25_17-23-25.png]


Incidentally this is one (assuming it is wrong) that would have been avoided by only declaring iSpecialistHealth in the scope in which it is used instead of for the entire function scope.
 
Actually I did get the same error myself, I think their servers are just a bit dodgy, try again some time.
 
That first one... iPerTotal = pAttacker on line 72 seems to be what needs to be changed, just glancing at this. The second one clearly is, and yeah, the third also is an issue I think. Good catches with this though.
 
Yeah this is finding loads of good stuff, here's another, obviously dereferencing a null pointer:
[Screenshot: upload_2019-8-25_17-29-30.png]



And these are after only 5 minutes looking at a handful of the issues, it has generated 600 of them.
 
Yeah this is finding loads of good stuff, here's another, obviously dereferencing a null pointer:


And these are after only 5 minutes looking at a handful of the issues, it has generated 600 of them.
Sadly, most of these are my fault of course. *sigh*
 
I just looked a few minutes through the results and I must say that analysis uncovers lots of bad programming errors. It's really good to have it.

Yeah there are loads of them, too many to make a bug for each one. Instead if you (or anyone else) are going to fix some then please mark them off as Fixed in Coverity itself using the triage tools so we don't duplicate work!

[Screenshot: upload_2019-8-25_18-24-48.png]

 
