Mass filing of clang warnings
albrecht.dress at arcor.de
Mon Mar 16 21:13:53 CET 2015
On 16.03.15 18:56, Hans-Christoph Steiner wrote:
> I am sure there is a way to make cppcheck happy that makes sense in the code. That way, GnuPG can gain the real benefits of automatic runs of cppcheck.
I think what you are basically requesting is a coding guideline...
Such guidelines are *very* common for safety-related applications. E.g. they are explicitly required when writing C software according to IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems), or for automotive (ISO 26262, the coding guideline is MISRA), or for aviation (DO-178C), etc. etc. A well-known freely available set of rules (with some overlap with MISRA) are the CERT Secure Coding Standards.
IMHO, a /security/ application could also benefit from using standards developed for /safety/ related stuff...
Unfortunately, cppcheck cannot validate (afaik) against the aforementioned standards. At work I have to write software according to MISRA (for IEC 61508 compliance) and use Flexelint for the validation, which is not OSS, but one of the cheaper tools available (compared to Eclair, LDRA, ...). Needless to mention that it produces tons of false positives, too...