bug-ncurses
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: static analysis run on ncurses 5.6


From: Larry Zhou
Subject: Re: static analysis run on ncurses 5.6
Date: Fri, 1 Aug 2008 15:36:50 -0700

It is a fact that Klocwork has a higher false positive rate than Coverity, possibly above 75%.

If you can get 20 to 30 things in "possible" or "potential" range, that would be amazing.

On Fri, Aug 1, 2008 at 12:32 PM, Thomas Dickey <address@hidden> wrote:
On Fri, 1 Aug 2008, Larry Zhou wrote:

Here it goes. 117 warnings total.

some of them are false reports (I don't have a count yet, but will work
through the list...).

For instance, the third in the list (for test/bs.c) appears to be seeing the chunk from 447-457, seeing that 'ss' is set to a nonzero value if c!='R', and not seeing that line 468 will not be executed when c=='R'.

You are right about that. That is a false positive. If in anyway, you want to help static analyzer help you.
add a debug assert right before line 468.
    assert(ss);

That would help make your intention clear.



(Some of Coverity's were false also - but I won't be surprised if they
find different things).  Even if half of them were false, that's still
a gain.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]