On Fri, Jan 21, 2022 at 12:45:56AM +0100, Steffen Nurpmeso wrote:
> Fwiw, i have been astonished by this thread.  I found scan-build
> to generate a lot of false warnings, so much indeed that i stopped
> using it .. in summer 2017.

I've spent time on the static analyzer output in NetBSD and I wouldn't
say so much that it creates too many false warnings, but that the pure
text version is not helpful. The HTML output at least explains the
reasoning. From those pre-conditions, it is often easy to deduce why it
is a false positive from *other* conditions in the program. Properly
asserting those would certainly improve code.

The biggest advantage in Coverity is the logic they have for preserving
the state of analysis across code changes, e.g. once you tag a reported
issue as analyzed and not a problem, it tries very hard to not show it
again.

Joerg
