A Static Analysis of the Vim Source

I saw an article posted by Christian Brabandt to the vim_dev group about a static analysis of the Vim source:

For each compiler call, we added an analyzer call into the make-file … Then we built the project in the usual way through the make command

Its code proved to be of a very high quality and I found no obvious bugs in it (though the coding style is somewhat arguable in certain places, but I think it has to do with the project age). Nevertheless, I still found a few fragments that should be reviewed.

Some of the issues include buffer underflow, hard to read loops, scope issues, and style issues like short variable names. Here’s an example of a scope problem, where a pointer is stored outside of the scope that it is used:

char_u *p, *old;
//...
{
  char_u        buffer[BUFLEN + 1];
  //...
  for (p = buffer; p < buffer + len; p += l)
    //...

The pointer p is declared at the top of the function, but the author of the post says that there are cases where similar declarations have global scope. The author argues that the way this pointer is used means the code is harder to read and less maintainable.

A static analysis of a large project like Vim takes time to interpret — you can’t just accept every warning and blindly refactor code. However, it would be encouraging to see code hygiene improvements on the vim_dev list as well as the usual bug fixes and features.