Static Analysis

From WineHQ Wiki
Revision as of 23:19, 28 February 2016 by KyleAuble (talk | contribs) (Begin moving over Static Analysis page)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Under construction icon-red.svg
Work in progress: This page is currently undergoing extensive revision. External links to specific parts of this page may now be broken due to the section having been edited, moved, merged with another section, or removed altogether. Consult the table of contents to find the section you are looking for. There may be related discussion on the talk page.

Static analysis is a technique for finding bugs just by looking at source code without actually running it. That's great because it can find bugs that are really hard to trigger.

Current Tools


Coverity is a static analysis service that offers free, periodic scans to many open source apps, including Wine. You can see a result summary for the most recent scan at Wine's Coverity page.

To see detailed results, after setting up an account (you can also just login with an existing Github account), you need to be granted access rights as a member of the project. Our official contacts are Paul Vriens and Jan Zerebecki so you'll want to email them to request privileges.

When posting patches to fix bugs found by Coverity, please include (Coverity) in the subject line. If you're interested, you can see a list of Coverity-related patches in Wine.


PVS-Studio is a commercial static analysis tool, and the developing company kindly runs scans on open source projects from time to time. For those interested in purchasing the tool, it integrates into Visual Studio and has a deeper knowledge of the Windows API.

While this has the benefit of finding unique defects in Wine, there are also a ton of "intended behaviour" cases, especially in the Wine tests. Nevertheless, quite a few Wine commits can be credited to PVS-Studio. If you submit a patch to fix a bug found by PVS-Studio, be sure to include (PVS-Studio) in the subject line.

Here are some other reports done by PVS-Studio for Wine code:

 * The second analysis from October 2015, which also includes fixes since the first run. 
 * The first analysis in August 2014.
 * A ReactOS analysis that also covers Wine code too, from September 2011.
 * Bugs reported by PVS-Studio in WineHQ's Bugzilla.

Besides these scans, PVS-Studio has provided some of the developers (Michael Stefaniuc and Nikolay Sivov) with the raw data from these analyses, as well as temporary licenses for PVS-Studio. The data can be shared freely with Wine developers, though as XML it is hard to read but beautiful to process.


Coccinelle is an open source static analysis tool developed jointly by several French research institutes. Students at Aalborg University say they found a number of bugs with it in 2008; both Paul Vriens and Michael Stefaniuc have been using it since 2009 too.

When posting patches to fix bugs found by Coccinelle, don't forget to include (Coccinelle) in the subject line. You can see a list of all Coccinelle-motivated patches in Wine's git history. Michael Stefaniuc has also shared some Wine-oriented Coccinelle scripts you might find interesting.

Clang Static Analyzer

Clang (the C-language front end to the LLVM compiler) includes a new static analysis tool currently named the Clang Static Analyzer. Henri Verbeet was the first to submit patches fixing errors detected by the Clang Static Analyzer, the first one coming in October 2008.

When posting patches to fix bugs found by Clang, please include (Clang) in the subject line; as with the other tools, you can see all Clang-related patches in our git history.


Students at Aalborg University say they found a number of bugs using Coccinelle and Flawfinder.

There was a discussion about adding Flawfinder to PatchWatcher (which went a bit off-topic due to mailman sending out duplicate messages), but there were too many false positives for it to be much use.

sixgill is a new static code analysis tool that has not yet been used in Wine. Mozilla's static analysis team makes use of it and recommends it in this video.

Old / Unused Tools


Smatch is an open source static analysis tool based on sparse, the checker used by the Linux kernel. The obsolete version was based on a version of gcc-3.1.1 hacked to dump its intermediate representation of the code, along with some perl modules and scripts to analyze the dumped IR code.

MichaelStefaniuc adapted an existing script in the old Smatch to find code paths with missing `LeaveCriticalSection`'s. Scripts to find some other useful things like fd, DC, and GDI object leaks should be easy to write. Michael also created a page with more info on using Smatch to test Wine. However, at least as of Jan 2010, he expressed some interest in switching over to Coccinelle because it seemed to make prototyping much easier.

You can also see all Smatch-related patches in the Wine git tree.


Saturn was the second static analysis tool to originate at Stanford University (the first one, MC aka the Stanford Checker, would become Coverity). The tool is still free to download and there is a mailing list for discussing it, though neither seems to have been updated in years.

Although no patches based on Saturn results were ever committed to Wine, a first patch was submitted in Jan 2009.