There -seems- to be a nice tool here: http://sixgill.org/ svn checkout http://svn.sixgill.org/trunk xgill That we could run over LibreOffice - clearly you'd need to be able to build it, and then enable the gcc (4.5 at least) plugin. Then of course, we'd need to compile LibreOffice with this enabled, and see if the analysis is useful - and/or whether the tool can cope with a project the size and complexity of LibreOffice. If so - I suspect it will throw up a lot of interesting output.
I downloaded sixgill and as required install gcc-plugin, downloaded CVC3 + yices , used this command : ./configure --with-yices=/home/julien/yices/yices-1.0.33 then make but I've got the error : xgill.c:812:46: error: ‘PLUGIN_FINISH_DECL’ undeclared (first use in this function) The INSTALL file of sixgill tells : If your build fails with an error about PLUGIN_FINISH_DECL not being found, then you need to patch your GCC and rebuild it. The patch is at http://gcc.gnu.org/ml/gcc-patches/2009-12/msg01032.html I'm not sure to be ready to recompile gcc (PC Debian x86-64, gcc (Debian 4.6.2-11) 4.6.2)
Gosh, clearly this task fits someone best who has an up-to-date gcc. Then again, compiling gcc is much less scary than compiling libreoffice ;-) [ although you tend to need a new binutils too ;-]. Thanks for trying !
Deleted "Easyhack" from summary.
Just for information, there's a new repo for sixgill here: https://github.com/rillian/xgill In order to have gcc plugin enabled during xgill building, we just need to have gcc-4.<version>-plugin-dev package installed. So I could build xgill but I don't know how to use it. I found about COMPILER_PLUGINS in configure.ac and then I took a look on clang part but it didn't help me to know how to quickly use the plugin.
Is there actually any documentation how to use this tool?
I gave a new try but had this: julien@julienPC:~/sixgill/xgill/testjul$ gcc -fplugin=/home/julien/sixgill/xgill/gcc/xgill.so -c test.cpp cc1plus: error: cannot load plugin /home/julien/sixgill/xgill/gcc/xgill.so /home/julien/sixgill/xgill/gcc/xgill.so: undefined symbol: get_identifier Mathias: never found doc too about this.
I am interested in working on this task. Looking at Sixgill it appears tha project has not been updated in 3 years. It depends on GCC 4.5 plugin and Yices 1.0 (if you want their solver) APIs. I am using GCC 4.8 on Fedora 19. At first glance Yices appears to have been updated to 2.0 since the last release of sixgill as well as GCC being updated. I see the tasks to get this project working to be: - Update Sixgill to use Yices 2.0 - Fix compiling problems - Figure out how to use Sixgill on the code. Is there a particular directory we should start on?
Hi Stephen ! great to have you interested - of course, we're interested in throwing as much static checking as we can get at the LibreOffice code-base and fixing the results :-) Sixgill was just an idea - if there are other better analysers out there you're aware of that would be better, we should use those - but either way - thanks so much for digging into this one ! The "we produce bazillions of false-positives" angle on this that I now see in their website sounds a bit concerning ;-) Then again, we compile rather well with clang these days, so that bit should be easy. I imagine you'd need to compile all of the code to get far; but there are some smaller pieces that you could do - eg. low-level tooling to check how 'sal' works. eg. svx's 'gengal' is 1/2 way up the software stack - or rsc/Executable_rsc.mk is reasonably near the bottom. HTH ! & looking forward to you results. Thanks,
adding LibreOffice developer list as CC to unresolved EasyHacks for better visibility. see e.g. http://nabble.documentfoundation.org/minutes-of-ESC-call-td4076214.html for details
Removing comma from whiteboard (please use a space to delimit values in this field) https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Whiteboard#Getting_Started
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.