[cfe-dev] Static analysis output format

David Smith catfish.man at gmail.com
Fri Jul 4 14:41:30 PDT 2008

	As we've been working through the list of results from static  
analysis for Adium it's become increasingly clear that the output  
format is introducing some complications. Specifically, each time we  
rerun (whether to use an updated version of checker, or to check  
against the latest source) it eliminates any metadata that we've built  
up around the results, such as which ones were false positives.
	Unfortunately, fixing this seems somewhat tricky. The main thing that  
would be necessary is a way of identifying results across runs. That  
way we can plug this into our automated testing system so each time we  
commit it can rerun and say "ok, these ones are known, these ones are  
known false positives, and these ones are new" rather than just  
"here's a list to re-evaluate". I'm not sure how to come up with some  
sort of identifier for issues though. Line numbers probably change too  
frequently to be reliable. I suppose a heuristic based on function  
name, issue type, file name, and approximate line number might be  
fairly accurate.
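
The heuristic suggested in the message above (file name, function name, issue type, approximate line number), sketched in Python as an added example; it is not part of the original post and not code from the checker. The `Finding` fields, the `classify` function, the 15-line tolerance and the sample results are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
@dataclass(frozen=True)
class Finding:
    file: str
    function: str
    issue_type: str
    line: int

def classify(current, baseline, tolerance=15):
    """Label each current finding 'known', 'false_positive' or 'new'.
    baseline: (Finding, status) pairs from the last triaged run."""
    # Bucket triaged results by the part of the identity that rarely changes.
    buckets = {}
    for old, status in baseline:
        key = (old.file, old.function, old.issue_type)
        buckets.setdefault(key, []).append((old.line, status))
    # Collect every old/new pairing whose line drift is within tolerance.
    pairs = []
    for i, f in enumerate(current):
        key = (f.file, f.function, f.issue_type)
        for j, (line, status) in enumerate(buckets.get(key, [])):
            drift = abs(f.line - line)
            if drift <= tolerance:
                pairs.append((drift, i, key, j, status))
    # Closest pairs win, and each old result explains at most one new one,
    # so a second issue of the same type in one function still shows as new.
    labels = ["new"] * len(current)
    matched, used = set(), set()
    for drift, i, key, j, status in sorted(pairs):
        if i not in matched and (key, j) not in used:
            matched.add(i)
            used.add((key, j))
            labels[i] = status
    return labels

# Constructed sample data: a triaged earlier run and a rerun after edits.
BASELINE = [
    (Finding("Example.m", "loadPrefs", "leak", 120), "known"),
    (Finding("Example.m", "loadPrefs", "null dereference", 131), "false_positive"),
    (Finding("Util.m", "parse", "dead store", 40), "known"),
]
CURRENT = [
    Finding("Example.m", "loadPrefs", "leak", 126),              # moved 6 lines
    Finding("Example.m", "loadPrefs", "null dereference", 137),  # moved 6 lines
    Finding("Example.m", "loadPrefs", "leak", 133),              # second leak
    Finding("Util.m", "parse", "dead store", 90),                # moved 50 lines
]
if __name__ == "__main__":
    print(classify(CURRENT, BASELINE))
```

The last sample result shows the cost of the line tolerance: a known issue that moves further than the limit is reported as new again, while a limit set too wide can attach an old false-positive label to a different issue in the same function.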


