On 4/10/21 11:40 AM, Bruno Haible wrote:
> True. But it clutters up the source code. For tools that produce 5-10 times
> more false reports than good reports, I wouldn't do this.
Likewise. Static analysis tools come and go, but source code is forever.
I like Bruno's suggestion of suppressing analysis of Gnulib-copied
source files. That's longstanding practice when using Gnulib in other
projects. For example, in Coreutils, './configure --enable-gcc-warnings'
uses a different set of gcc -W flags for Gnulib-supplied code because
Gnulib doesn't bother pacifying GCC about some issues where Coreutils
does bother (they would all be false alarms anyway). You could do
something similar with Coverity, cppcheck, etc.
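One way to carry the "different flags for Gnulib-supplied code" idea over to a source scanner, as an added example that is not code from this thread, from Coreutils or from Gnulib: classify each file as Gnulib-copied or project-owned from a file list, pick the warning set per file, and generate a cppcheck suppressions list so that no suppression comments land in the sources. The layout (project sources in src/, copied files in lib/), the two flag sets and the file list are constructed for illustration; in a real tree the list would come from whatever gnulib-tool records at import time, whose format is not reproduced here.

```shell
#!/bin/sh
# Added example, not from the thread, Coreutils or Gnulib.
# Keep analyser suppressions out of the source tree: decide per file whether it
# is Gnulib-copied and emit the matching -W flags or cppcheck suppressions.
# Layout assumed (hypothetical): project code in src/, Gnulib copies in lib/.

# Constructed sample list of Gnulib-copied files (not a real project's list;
# a real one would be generated from what gnulib-tool imported).
GNULIB_FILE_LIST='lib/xmalloc.c
lib/xalloc.h
lib/hash.c
lib/quotearg.c
'

# Strict warning set for code the project owns (assumed values).
WARN_CFLAGS='-Wall -Wextra -Werror -Wshadow -Wstrict-prototypes'
# Relaxed set for Gnulib-copied code: keep cheap, high-signal checks and drop
# the ones upstream does not pacify, since those would only be false alarms.
GNULIB_WARN_CFLAGS='-Wall -Wno-unused-parameter -Wno-sign-compare'

# is_gnulib_file PATH: exit 0 if PATH is in the Gnulib list, 1 otherwise.
# -x matches the whole line, -F treats the path as a fixed string.
is_gnulib_file() {
    printf '%s\n' "$GNULIB_FILE_LIST" | grep -qxF -- "$1"
}

# warn_flags_for PATH: print the -W flags PATH should be compiled with.
warn_flags_for() {
    if is_gnulib_file "$1"; then
        printf '%s\n' "$GNULIB_WARN_CFLAGS"
    else
        printf '%s\n' "$WARN_CFLAGS"
    fi
}

# cppcheck_suppressions: print a cppcheck suppressions list, one
# "<error id>:<file>" line per Gnulib-copied file, with '*' as the id
# wildcard so every finding in that file is suppressed.
# Use it as: cppcheck --suppressions-list="$(cppcheck_suppressions > s.txt; echo s.txt)" src lib
cppcheck_suppressions() {
    printf '%s\n' "$GNULIB_FILE_LIST" | while IFS= read -r f; do
        [ -n "$f" ] || continue
        printf '*:%s\n' "$f"
    done
}
```

The same file list drives both decisions, so when a Gnulib module is added or dropped only the list changes and neither the sources nor the build rules grow tool-specific annotations; a Coverity or clang-tidy front end would be a third consumer of the same list.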