Hey, Thank you for doing this! I started taking apart systemd findings and reported a first issue against gcc [0], so we can hopefully squash the false positives from the results (at least the ones repored by gcc's -fanalyzer) and make them more useful. One thing that comes to mind (especially after the battle in [1]): how does the gcc's -fanalyzer handle optimized builds? In Fedora we currently (IIRC) build with -O2, and if I do a systemd build locally with both -O0 and -O2, the latter one generates more warnings. There's also several notes in the official documentation [2] that some of the checks might not work when optimizations are enabled, since the analyzer runs quite late in the compilation process. Which also raises question - does optimization make -fanalyzer more prone to false positives? And does it make the findings less accurate? Cheers, Frantisek [0] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117662 [1] https://github.com/csutils/cscppc/issues/46 [2] https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html On 11/14/24 08:47, Siteshwar Vashisht wrote:
Hello, I am writing this message to get feedback from the community on new findings by static analyzers in Critical Path Packages that have changed in Fedora 42. TLDR: This report[1] contains 37330 findings. Please review the report and provide feedback. A mass scan was performed this week on the packages that have changed in Fedora 42. This report[1] contains all the new findings that have been identified in the packages listed in Critical Path Packages. Newly added findings since Fedora 41 are listed under ‘+’ column. Please review the report and fix or report any findings upstream that may be real bugs. Not all findings reported by OpenScanHub may be actual bugs, so please verify reported findings before investing time into fixing or reporting them. We hope this is helpful for the packages you maintain and for the upstream projects. Questions can be asked on the OpenScanHub mailing list[2]. If you want to see the full logs of the scans, they are available on the tasks[3] page. User documentation for performing a scan is available on the Fedora wiki[4]. Constructive feedback is appreciated. Thank you! [1] https://svashisht.fedorapeople.org/openscanhub/mass-scans/f42-13-Nov-2024/ [2] https://lists.fedoraproject.org/archives/list/openscanhub@xxxxxxxxxxxxxxxxxxxxxxx/ [3] https://openscanhub.fedoraproject.org/task/ [4] https://fedoraproject.org/wiki/OpenScanHub
-- Frantisek Sumsal GPG key ID: 0xFB738CE27B634E4B -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue