Re: [PATCH] ci: update 'static-analysis' to Ubuntu 22.04

On Fri, Aug 26, 2022 at 09:46:54AM -0700, Junio C Hamano wrote:

> > Yeah, my general skepticism and disappointment above notwithstanding,
> > this seems like the best path forward from here. I tried a few other
> > tricks (like --macro-file and --iso-file), but if its parser chokes, I
> > don't think there's much we can do about it. Even if we wrote a patch to
> > coccinelle itself (and I have no interest in doing that myself), it
> > would take a while to become available.
> 
> If it is just a single unused.cocci, I would actually think removing
> it would be a much better path forward.  UNUSED() that renames to
> help folks without checking compilers would help noticing bad code
> much earlier than unused.cocci many contributors are not running
> themselves anyway.

I doubt that it is just unused.cocci. If I understand correctly, the new
syntax is choking coccinelle's parser, so it is missing segments of the
code from its analysis.

That shows up as a false positive for unused.cocci, because its patch is
something like "find me spots that have X followed by Y, with no Z in
between (and then delete X and Y)". And the breakage is that it doesn't
notice Z, so it thinks it has found such a spot.

But other rules are of the form "find me X (and turn it into Y)". If the
tool fails to parse code that contains X, then we'll get a false
negative: it won't generate output when it should. But we don't notice
any of those, because there are no true positives in the code base right
now. But it would presumably fail to find some of them if there were.
And more importantly, it makes the tool just as useless as false
positives.

If it were a matter of choosing one static analysis over another (unused
parameters versus coccinelle), we might have something tricky to decide.
But Ævar's non-parenthesized suggestion is a practical workaround. I
don't like it as much as what I posted originally, but it's only a
little less ergonomic, and lets us keep using coccinelle (which, despite
the headaches I've had tangling with it over the years, has produced
useful outcomes).

-Peff


