Re: tar + cpio - covscan issues

From: Paul Eggert
Subject: Re: tar + cpio - covscan issues
Date: Sun, 11 Apr 2021 12:50:36 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1

On 4/10/21 11:40 AM, Bruno Haible wrote:
> True. But it clutters up the source code. For tools that produce 5-10 times
> more false reports than good reports, I wouldn't do this.

Likewise. Static analysis tools come and go, but source code is forever.

I like Bruno's suggestion of suppressing analysis of Gnulib-copied source files. That's longstanding practice when using Gnulib in other projects. For example, in Coreutils, './configure --enable-gcc-warnings' uses a different set of gcc -W flags for Gnulib-supplied code because Gnulib doesn't bother pacifying GCC about some issues where Coreutils does bother (they would all be false alarms anyway). You could do something similar with Coverity, cppcheck, etc.
