Mass filing of clang warnings
Werner Koch
wk at gnupg.org
Thu Mar 12 11:25:55 CET 2015
On Wed, 11 Mar 2015 19:12, hans at guardianproject.info said:
> In my experience with cppcheck, it will better understand the code if that
> code does not include bits that cppcheck is confused by. I have changed little
> things in response to cppcheck warnings, and that then made cppcheck find real
I showed a real standard coding pattern. If cppcheck is not able to
detect this very basic technique it produces too many false positives.
Clobbering the code with annotations for such a thing is not going to
work.
Another example (bug 1908):

  t-ed25519.c:182:10: warning: Dereference of null pointer (loaded from variable 'p')
        *p = 0;
         ~ ^

Now look at the code:

      if (!p)
        die ("input line %d not terminated or too long\n", *lineno);
      *p = 0;

Now can that happen? Analyzing the static function die() would have
shown that it will never return. Okay, it would have been possible to
use __attribute__ ((__noreturn__)) which I often use for non-test
programs but a simple analysis of die should have come to the same
result.
Or look at bug 1906 - I can only conclude that the used version of
ccc-analyzer is broken. I have seen way better reports from Clang.
Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
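
The pattern discussed in the message above, as an added example that is not part of the original mail or of the GnuPG sources: a die() helper declared with __attribute__ ((__noreturn__)), so that the compiler and a static analyzer can see that the store through p is reached only when p is non-NULL. The function name chop_line, the plain int lineno parameter and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical test helper modelled on the die() call quoted above.
   The noreturn attribute states that control never continues past a
   call to this function; the format attribute lets the compiler check
   the arguments against the format string.  */
static void die (const char *format, ...)
  __attribute__ ((__noreturn__, __format__ (__printf__, 1, 2)));

static void
die (const char *format, ...)
{
  va_list arg_ptr;

  va_start (arg_ptr, format);
  vfprintf (stderr, format, arg_ptr);
  va_end (arg_ptr);
  exit (1);
}

/* Strip the line terminator from LINE and return the length of the
   stripped line (hypothetical function, not from t-ed25519.c).  With
   die() declared noreturn, the only path that reaches the store is the
   one on which P is non-NULL.  */
static size_t
chop_line (char *line, int lineno)
{
  char *p = strchr (line, '\n');

  if (!p)
    die ("input line %d not terminated or too long\n", lineno);
  *p = 0;
  return (size_t)(p - line);
}

int
main (void)
{
  char buf[] = "constructed sample line\n";  /* constructed input */
  size_t n = chop_line (buf, 1);

  printf ("%zu: %s\n", n, buf);
  return 0;
}
```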