Mass filing of clang warnings

Albrecht Dreß albrecht.dress at
Mon Mar 16 21:13:53 CET 2015

On 16.03.15 18:56, Hans-Christoph Steiner wrote:
> I am sure there is a way to make cppcheck happy that makes sense in the code.  That way, GnuPG can gain the real benefits of automatic runs of cppcheck.

I think what you are basically requesting is a coding guideline...

Such guidelines are *very* common for safety-related applications.  E.g. they are explicitly required when writing C software according to IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems), or for automotive (ISO 26262, the coding guideline is MISRA [1]), or for aviation (DO-178C [2]), etc. etc.  A well-known freely available set of rules (with some overlap with MISRA) is the CERT Secure Coding Standards [3].

IMHO, a /security/ application could also benefit from using standards developed for /safety/ related stuff...

Unfortunately, cppcheck cannot validate (afaik) against the aforementioned standards.  At work I have to write software according to MISRA (for IEC 61508 compliance) and use Flexelint [4] for the validation, which is not OSS, but one of the cheaper tools available (compared to Eclair, LDRA, ...).  Needless to mention that it produces tons of false positives, too...


[1] <>
[2] <>
[3] <>
[4] <>