[Ksummit-2013-discuss] [ATTEND] static checking; COMPILE_TEST
Kees Cook
keescook at chromium.org
Fri Jul 19 21:57:03 UTC 2013
On Fri, Jul 19, 2013 at 9:17 AM, Wolfram Sang <wsa at the-dreams.de> wrote:
> On Fri, Jul 19, 2013 at 06:55:39PM +0300, Dan Carpenter wrote:
>> On Fri, Jul 19, 2013 at 11:21:01AM +0200, Jiri Slaby wrote:
>> > Yes, this is exactly my point. There are outputs of analyzers (I give
>> > Coverity as an example), but maintainers ignore those (one random
>> > example is at [1]). Then people who do not understand the code well
>> > enough come up with fixes which are inappropriate.
>>
>> These days Fengguang will send a warning to the person who
>> introduces the bug as soon as it shows up on a public git tree.
>> He does GCC warnings, Sparse, and Coccinelle. I do the same for
>> Smatch warnings. If you warn the right people while the code is
>> still fresh in their mind then it tends to get fixed.
>
> I run all these checks automatically when applying patches to my trees.
> Yes, there are some false positives, but it still helps a lot.
How are you currently dealing with false positives that come out of
coccicheck? I have a rule I want to put in the tree, but it does end
up with a few false positives.
-Kees
--
Kees Cook
Chrome OS Security