Re: llvm/clang static analyzer reports

Hi,

On Thu, Oct 1, 2020 at 8:59 AM Stephan Bergmann <sbergman@xxxxxxxxxx> wrote:

> We would need some mechanism to filter
> out such identified false positives, with whatever mechanism would be
> suitable: an annotation in the source code, a modification of the
> -analyzer-... command line options passed to clang, etc.  However, that
> filtering should be done in an auditable way, so that we can later
> discover that we are filtering false positives relating to a certain
> location in the code, and can learn the rationale why those were
> considered false positives.  (Something that can be a pain with the way
> we use Coverity Scan, see below.)

I briefly looked at the documentation [1] and FAQ [2], and although it looks to me like you can do some things to ignore / filter out specific issues, I cannot tell if this is what you are looking for. Perhaps it's best if I leave that up to people who actually know what they're talking about :).

With the analyzer command-line options, it looks like you can disable entire classes of checks with the '-disable-checker' option, but that would mean that the check is disabled for the entire codebase, which probably isn't what you are looking for.

[1]
https://clang-analyzer.llvm.org/annotations.html

[2]
https://clang-analyzer.llvm.org/faq.html
 
> From a quick look at the list, I see instances of all of: clearly true
> positives, clearly false positives, and unclear findings.
 
So, does that mean that it might be a useful tool, or are there simply too many false positives to be of any help?


- Maarten
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
