Re: git and the Clang Static Analyzer

Hello Johannes,

I compiled git/master

... which advances from time to time, so you definitely want to include a
more informative data point here, e.g. 4fa66c85f11 (Git 2.13-rc2,
2017-05-04) ...


The 4fa66c85f11 you mentioned is part of the URL I sent.

Please note that the information is only about what actually gets compiled;
code disabled by #if .. #endif is not considered (e.g. when determining
whether a variable assignment is useless).

So you already know that the report is specific to your setup. It may make
a lot of sense to actually state what your setup is, i.e. Operating
System, installed libraries (and their respective versions), CPU, etc.

I don't think this is of much relevance.  The hints provided encourage one to look at the code and to mentally evaluate the lines.  By tweaking the preprocessor directives, you could get fewer warnings (a previously unused variable now appears within an assert()), or more warnings (as more code gets compiled).  Getting more warnings makes sense, after the current ones are processed.  Getting fewer warnings means (again) compiling more code.  I already use pcre and openssl, what else can I enable?

There are probably false-positives.

Probably. So why don't you give it a try and look through the report? Then
summarize your findings here. That would definitely find a warm welcome, I
would expect.

However in case of e.g. builtin/notes.c:1018, builtin/reset.c:294 or
fast-import.c:2057 I consider the hints as justified.

Okay. And those hints are...?

Click on https://mail.aegee.org/dpa/scan-build-git-4fa66c85f11/ and then on "fast-import.c: line 2057 -> View Report" and you will see a pointless assignment.

I cannot organize the report much better, as filtering out the false positives usually requires too deep an understanding of the code organization of git, which I do not have.

This is the analysis done on the pu-branch:
  https://mail.aegee.org/dpa/scan-build-git-7dd243c75

The two reports do not list files in the same order, as I did parallel builds, but I do not see any difference on the spot.

Learning Travis is not on my priority list; I sent the commands I called to get the report.  I also compiled clang by myself.  For those who mistrust sites, there are no-javascript, no-css browsers like lynx.

Greetings
  Dilyan


