NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: static analysis on NetBSD code.

I hesitate a bit to step into this, but agree with the notion that
static analysis tools must be used with great care by people who really
understand programming.

I've seen Coverity get run over a large codebase.  Some of the issues
found were false alarms, and many were real.  Often it was "this
variable could be used uninitialized".  In some cases where one could
make an argument Coverity was wrong (due to a bunch of complicated ifs),
we decided to just initiailize to a safe value at the beginning.
Basically, if it takes longer than 30 seconds to explain why the code is
right, it's better off being fixed.   A number of the issues found were
dead on, though.

I've also seen people change code to pacify Coverity and introduce bugs;
the tools definitely must be used with care.

Attachment: pgp1MRirQ8ovv.pgp
Description: PGP signature

Home | Main Index | Thread Index | Old Index