On 22.04.2009 23:26, Peter Stuge wrote:
Joseph Smith wrote:
Wow, looks like there are a lot of bugs in romcc.c!
I only looked at the very first ones:
API Argument with 'nonnull' attribute passed null romcc.c:10780
The thing to note here is that there are conditions to the error. Code can very well be making sure that those conditions are in fact never met, and I don't think scanbuild does a complex enough analysis to know for sure. (Quite understandably!)
I agree it would be nice to have perfect analysis, and/or code more suitable for analysis, but just want to point out that there can be false positives depending on the coding style.
Absolutely agreed. Not all findings by scan-build make sense (for us). There are cases where it will find an access to memory which is not backed by a C variable to be undefined. (something like *(u8 *)0xdeadbeef) ... Makes a lot of sense in (most) user space applications, but we need to be careful. I tried to fix a couple of findings, even if they were not strictly required (such as __attribute__((noreturn)) in a userspace function calling exit() ... the attribute is not inherited in scan-build as they don't do interprocedural checks yet) to improve the overall results.
There are far better ways of doing static code analysis, most of them involve a lot of time and money. That said, if someone with a PolySpace license (Carl-Daniel?) and a couple of days of time reads this, please help us verify our code! Same for QA-C et al.
Stefan
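
The noreturn annotation discussed in the thread, as an added example that is not code from romcc.c or from any of the posters. The names `die`, `copy_into`, `xstrdup_checked` and `dup_roundtrip_len` are hypothetical; the point is that an analyzer without interprocedural checks needs the attribute on the wrapper itself to know the NULL path ends there.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical error helper. Without the attribute, an analyzer that does
 * not look inside die() assumes it returns to the caller, so the NULL
 * path below appears to continue into copy_into(). */
__attribute__((noreturn))
static void die(const char *msg)
{
	fprintf(stderr, "fatal: %s\n", msg);
	exit(1);
}

/* Hypothetical callee with a nonnull contract, the kind of API that
 * triggers "Argument with 'nonnull' attribute passed null". */
__attribute__((nonnull(1, 2)))
static void copy_into(char *dst, const char *src)
{
	strcpy(dst, src);
}

/* Never returns NULL: allocation failure ends in die(). */
static char *xstrdup_checked(const char *src)
{
	char *copy = malloc(strlen(src) + 1);

	if (!copy)
		die("out of memory");
	/* Because die() is marked noreturn, copy is known non-NULL here. */
	copy_into(copy, src);
	return copy;
}

/* Returns the length of the duplicate, or -1 if the copy differs. */
static int dup_roundtrip_len(const char *s)
{
	char *copy = xstrdup_checked(s);
	int len = strcmp(copy, s) == 0 ? (int)strlen(copy) : -1;

	free(copy);
	return len;
}

int main(void)
{
	printf("%d\n", dup_roundtrip_len("romcc"));
	return 0;
}
```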