[Ksummit-2013-discuss] [ATTEND] static checking; COMPILE_TEST

Julia Lawall julia.lawall at lip6.fr
Sat Jul 20 05:56:02 UTC 2013


On Fri, 19 Jul 2013, Kees Cook wrote:

> On Fri, Jul 19, 2013 at 9:17 AM, Wolfram Sang <wsa at the-dreams.de> wrote:
> > On Fri, Jul 19, 2013 at 06:55:39PM +0300, Dan Carpenter wrote:
> >> On Fri, Jul 19, 2013 at 11:21:01AM +0200, Jiri Slaby wrote:
> >> > Yes, this is exactly my point. There are outputs of analyzers (I give
> >> > Coverity as an example), but maintainers ignore those (one random
> >> > example is at [1]). Then people who do not understand the code well
> >> > enough come up with fixes which are inappropriate.
> >>
> >> These days Fengguang will send a warning to the person who
> >> introduces the bug as soon as it shows up on a public git tree.
> >> He does GCC warnings, Sparse, and Coccinelle.  I do the same for
> >> Smatch warnings.  If you warn the right people while the code is
> >> still fresh in their mind then it tends to get fixed.
> >
> > I run all these checks automatically when applying patches to my trees.
> > Yes, there are some false positives, but it still helps a lot.
> 
> How are you currently dealing with false positives that come out of
> coccicheck? I have a rule I want to put in the tree, but it does end
> up with a few false positives.

I believe that Fengguang only takes rules labelled as having high 
confidence.  Those do have false positives too, occasionally.

julia

