On Fri, Mar 5, 2010 at 11:02 PM, Mark Bucciarelli <mkb...@gmail.com> wrote:
> Is there some set of tools you all use to
> help find bad code?
>
> Specifically, I'm working with a large code
> base (monetdb), and have found two instances
> where the fopen() return value was not
> checked.
>
> Now I'd like to search the tree and find all
> instances of this bug.
>
> How do you do this?  Must it be manual or
> are there static analysis tools (e.g., grep &
> awk or perhaps clang) that you use?
>
> (I didn't mark as OT b/c I'm working towards
> an OpenBSD port of this most-excellent db.)
[...]

grep is an excellent static source code analyzer if you know what you
are looking for. If you don't know what you are looking for, then you
should mostly pay folks who know things that you might be looking for
(e.g., Fortify, Coverity).

-Amarendra
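The grep-and-awk approach from the reply, worked through for the exact bug in the question. This is an added example, not code from the thread or from MonetDB: `list_fopen_calls` is the "know what you are looking for" grep, and `find_unchecked_fopen` is a hypothetical awk heuristic that flags a `var = fopen(...)` assignment when neither that line nor the next three test `var` in an `if`/`while`/`assert` or against `NULL`. It assumes POSIX awk, grep and mktemp are available, and the C file it scans is constructed inline so it runs offline. The heuristic is deliberately simple and has known false negatives (a check hidden in a macro, or one more than three lines later), so treat its output as a review worklist, not a verdict.

```shell
#!/bin/sh
# Hypothetical helper, not from the mailing-list thread: flag fopen() calls
# whose return value is never tested for NULL.

# Step 1: the grep. Every fopen( call site, for a manual pass.
list_fopen_calls() {
    grep -n 'fopen[[:space:]]*(' "$1"
}

# Step 2: the awk heuristic. Buffers the file, then for each "var = fopen("
# line looks at that line and the following three for a test of "var".
UNCHECKED_FOPEN_AWK='
{ lines[NR] = $0 }
END {
    for (i = 1; i <= NR; i++) {
        if (!match(lines[i], /[A-Za-z_][A-Za-z0-9_]*[ \t]*=[ \t]*fopen[ \t]*\(/))
            continue
        var = substr(lines[i], RSTART, RLENGTH)
        sub(/[ \t]*=.*/, "", var)        # keep only the assigned variable name
        wordre = "(^|[^A-Za-z0-9_])" var "([^A-Za-z0-9_]|$)"
        checked = 0
        for (j = i; j <= i + 3 && j <= NR; j++) {
            if (lines[j] ~ /(if|while|assert)[ \t]*\(/ && lines[j] ~ wordre)
                checked = 1
            if (lines[j] ~ /(==|!=)[ \t]*NULL/ && lines[j] ~ wordre)
                checked = 1
        }
        if (!checked)
            printf("%s:%d: fopen() result \"%s\" is not checked\n", FILENAME, i, var)
    }
}
'

find_unchecked_fopen() {
    # $1: C source file; prints one line per fopen() whose result is unchecked
    awk "$UNCHECKED_FOPEN_AWK" "$1"
}

# Constructed sample input (not MonetDB code): two correct patterns, one bug.
SAMPLE_C=$(mktemp)
trap 'rm -f "$SAMPLE_C"' EXIT
cat > "$SAMPLE_C" <<'EOF'
/* constructed sample, not MonetDB code */
#include <stdio.h>

int good(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return -1;
    fclose(fp);
    return 0;
}

int also_good(const char *path)
{
    FILE *fp;
    if ((fp = fopen(path, "r")) == NULL)
        return -1;
    fclose(fp);
    return 0;
}

int bad(const char *path)
{
    FILE *log = fopen(path, "a");
    fprintf(log, "started\n");   /* dereferenced without a NULL test */
    fclose(log);
    return 0;
}
EOF

# Stand-alone run: lists all three call sites, then flags only line 24 (bad()).
list_fopen_calls "$SAMPLE_C"
find_unchecked_fopen "$SAMPLE_C"
```

Run it as-is to see the three grep hits followed by the single awk finding for `bad()`; point `find_unchecked_fopen` at a real tree with `find . -name '*.c' -exec sh -c '...' \;` or a loop once the sample is replaced.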
