
Improve project stability/robustness via code auditing tools

Open follower opened this issue 7 years ago • 10 comments

I discovered #3948 by enabling the Clang "Address Sanitizer" in debug mode.

It would probably be good to have this as a configuration option and/or automatically enabled for Debug builds. There is a performance impact from having this enabled but I don't know how significant.

There are other tools/options it would be a good idea to use/run over the code base (noted here for future reference):

I'll look at enabling as many of the options during my usual development as possible and will take a look at the static analysis tools when I have the opportunity. It would be good if others were able to do the same.

This ticket can be closed for project management purposes.

follower avatar Nov 07 '17 09:11 follower

You may also be interested in stoat which identifies realtime safety hazards (which LMMS has an abundance of) via clang/llvm's static analysis capabilities. I've talked about this particular tool in a few places with the most recent being LAC 2017 (proceedings / recording) in which LMMS briefly came up at the end of the presentation.

fundamental avatar Nov 08 '17 12:11 fundamental

This will be very interesting, because LMMS maybe was never tested with complex code auditing tools, and some bugs are just unnoticed.

What about this? https://scan.coverity.com

qnebra avatar Nov 10 '17 13:11 qnebra

Thanks for the suggestion @qnebra, my personal preference is to prioritize the use of FLOSS tools but there's nothing stopping one of the project admins submitting LMMS to that service.

follower avatar Nov 12 '17 09:11 follower

Thanks for the pointer @fundamental, have added it to the list. Looks like some super-interesting talks/papers at that conference, thanks for the links.

follower avatar Nov 12 '17 09:11 follower

@qnebra Looks like a couple of people had already submitted LMMS a while back and now there are also a couple of official looking scans pending: https://scan.coverity.com/projects?utf8=%E2%9C%93&search=lmms :)

follower avatar Nov 12 '17 11:11 follower

@lukas-w @tresf Just noticed the "official looking" Coverity scans are still listed as pending (nearly a year later ;) ).

Is this something either of you could remedy? Could be helpful for increasing stability of next release.

follower avatar Sep 28 '18 15:09 follower

> Is this something either of you could remedy? Could be helpful for increasing stability of next release.

@follower want to take a swing at it? We can add you to the @LMMS/developers group which should give you what you need (I hope?)

Edit: Role added (invited) @follower. :)

tresf avatar Sep 28 '18 15:09 tresf

> Edit: Role added (invited) @follower. :)

Since you clearly weren't going to give up, I've accepted the invite. :D

It would probably be good to try to locate the current account used for https://scan.coverity.com/projects/lmms-lmms but if we don't track that down, I can potentially take a look at setting something up again.

follower avatar Sep 28 '18 17:09 follower

> It would probably be good to try to locate the current account used for https://scan.coverity.com/projects/lmms-lmms but if we don't track that down, I can potentially take a look at setting something up again.

@lukas-w appears to have control of that. I'll let him know you're interested.

tresf avatar Sep 28 '18 18:09 tresf

#6840 has been merged in the past year and contains options to use sanitizers. But we still need clazy (and stoat?).

Rossmaxx avatar Apr 14 '24 00:04 Rossmaxx