From: Thomas Dickey
Subject: Re: static analysis run on ncurses 5.6
Date: Fri, 1 Aug 2008 19:14:51 -0400 (EDT)
On Fri, 1 Aug 2008, Larry Zhou wrote:
It is a fact that Klocwork has a higher false positive rate than Coverity, possibly above 75%.
it's looking to be about 50% (I'm a quarter through the list, making notes for changes).
I'm going to be away tomorrow, and will probably have a patch with the fixes on Sunday or Monday.
If you can get 20 to 30 things in "possible" or "potential" range, that would be amazing.
On Fri, Aug 1, 2008 at 12:32 PM, Thomas Dickey <address@hidden> wrote:
On Fri, 1 Aug 2008, Larry Zhou wrote:
Here it goes. 117 warnings total.
some of them are false reports (I don't have a count yet, but will work through the list...). For instance, the third in the list (for test/bs.c) appears to be seeing the chunk from 447-457, seeing that 'ss' is set to a nonzero value if c!='R', and not seeing that line 468 will not be executed when c=='R'.
You are right about that. That is a false positive. If in any way you want to help the static analyzer help you, add a debug assert right before line 468. assert(ss);
I see - that's easy to markup...
That would help make your intention clear.
(Some of Coverity's were false also - but I won't be surprised if they find different things).
Even if half of them were false, that's still a gain.
-- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net
-- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net
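The kind of false positive discussed in this message, as an added example that is not part of the original thread and is not the code from test/bs.c: a pointer is assigned only when `c != 'R'` and used only on the path where `c != 'R'`, which a checker that does not correlate the two tests reports as a possible NULL dereference. The names `ship_t`, `fleet`, `find_ship`, `count_placed` and `handle_command` are constructed for illustration; only `ss`, `c`, `'R'` and `assert(ss)` come from the message.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the pattern in the thread; not ncurses code. */
typedef struct { char symbol; int length; int placed; } ship_t;

static ship_t fleet[] = { { 'A', 5, 0 }, { 'B', 4, 0 }, { 'S', 3, 0 } };
#define FLEET_SIZE (sizeof(fleet) / sizeof(fleet[0]))

static ship_t *find_ship(char symbol)
{
    for (size_t i = 0; i < FLEET_SIZE; i++)
        if (fleet[i].symbol == symbol)
            return &fleet[i];
    return NULL;
}

int count_placed(void)
{
    int n = 0;
    for (size_t i = 0; i < FLEET_SIZE; i++)
        n += fleet[i].placed;
    return n;
}

/* Returns the placed ship's length, 0 for 'R' (place all), -1 if unknown. */
int handle_command(char c)
{
    ship_t *ss = NULL;

    if (c != 'R') {              /* first test on c: ss becomes non-NULL */
        ss = find_ship(c);
        if (ss == NULL)
            return -1;
    }
    if (c == 'R') {              /* second test on c: this path never uses ss */
        for (size_t i = 0; i < FLEET_SIZE; i++)
            fleet[i].placed = 1;
        return 0;
    }
    /* Only reachable with c != 'R'. The assert states that invariant for
     * the analyzer and for readers, and traps in debug builds if a later
     * edit breaks the correlation between the two tests. */
    assert(ss);
    ss->placed = 1;
    return ss->length;
}

int main(void)
{
    printf("%d %d %d\n", handle_command('A'), handle_command('X'), handle_command('R'));
    return 0;
}
```

The assert is compiled out when `NDEBUG` is defined, so it documents the invariant without changing release behaviour.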