Hi,

On Thu, Oct 1, 2020 at 8:59 AM Stephan Bergmann <sberg...@redhat.com> wrote:

> We would need some mechanism to filter
> out such identified false positives, with whatever mechanism would be
> suitable: an annotation in the source code, a modification of the
> -analyzer-... command line options passed to clang, etc. However, that
> filtering should be done in an auditable way, so that we can later
> discover that we are filtering false positives relating to a certain
> location in the code, and can learn the rationale why those were
> considered false positives. (Something that can be a pain with the way
> we use Coverity Scan, see below.)
>

I briefly looked at the documentation [1] and FAQ [2], and to me it looks like although you can do some things to ignore / filter out specific issues, I cannot tell if this is what you are looking for. Perhaps it's best if I leave that up to people who actually know what they're talking about :).

With the analyzer command line options, it looks like you can disable entire classes of checks with the '-disable-checker' option, but that would mean that the check is disabled for the entire codebase, which probably isn't what you are looking for.

[1] https://clang-analyzer.llvm.org/annotations.html
[2] https://clang-analyzer.llvm.org/faq.html

> From a quick look at the list, I see instances of all of: clearly true
> positives, clearly false positives, and unclear findings.
>

So, does that mean that it might be a useful tool, or are there simply too many false positives to be of any help?

- Maarten
_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice