Re: [PATCH 00/35] media: Fix coccinelle warning/errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 16, 2024 at 11:47:17AM +0300, Dan Carpenter wrote:
> In my opinion, it's better to just ignore old warnings.

I agree. Whatever checkers we enable, whatever code we test, there will
always be false positives. A CI system needs to be able to ignore those
false positives and only warn about new issues.

> When code is new the warnings are going to be mostly correct.  The
> original author is there and knows what the code does.  Someone has
> the hardware ready to test any changes.  High value, low burden.
> 
> When the code is old only the false positives are left.  No one is
> testing the code.  It's low value, high burden.
> 
> Plus it puts static checker authors in a difficult place because now
> people have to work around our mistakes.  It creates animosity.
> 
> Now we have to hold ourselves to a much higher standard for false
> positives.  It sounds like I'm complaining and lazy, right?  But Oleg
> Drokin has told me previously that I spend too much time trying to
> silence false positives instead of working on new code.  He's has a
> point which is that actually we have limited amount of time and we have
> to make choices about what's the most useful thing we can do.
> 
> So what I do and what the zero day bot does is we look at warnings one
> time and we re-review old warnings whenever a file is changed.
> 
> Kernel developers are very good at addressing static checker warnings
> and fixing the real issues...  People sometimes ask me to create a
> database of warnings which I have reviewed but the answer is that
> anything old can be ignored.  As I write this, I've had a thought that
> instead of a database of false positives maybe we should record a
> database of real bugs to ensure that the fixes for anything real is
> applied.

-- 
Regards,

Laurent Pinchart




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [Linux for Sparc]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux