Mass filing of clang warnings

Werner Koch wk at gnupg.org
Thu Mar 12 11:25:55 CET 2015


On Wed, 11 Mar 2015 19:12, hans at guardianproject.info said:

> In my experience with cppcheck, it will better understand the code if that
> code does not include bits that cppcheck is confused by. I have changed little
> things in response to cppcheck warnings, and that then made cppcheck find real

I showed a real standard coding pattern.  If cppcheck is not able to
detect this very basic technique it produces too many false positives.
Clobbering the code with annotations for such a thing is not going to
work.

Another example (bug 1908):

t-ed25519.c:182:10: warning: Dereference of null pointer (loaded from variable 'p')
      *p = 0;
       ~ ^

Now look at the code:

      if (!p)
        die ("input line %d not terminated or too long\n", *lineno);
      *p = 0;

Now can that happen?  Analyzing the static function die() would have
shown that it will never return.  Okay, it would have been possible to
use __attribute__ ((__noreturn__)) which I often use for non-test
programs but a simple analysis of die should have come to the same
result.

Or look at bug 1906 - I can only conclude that the used version of
ccc-analyzer is broken.  I have seen way better reports from Clang.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-devel mailing list