[cfe-dev] Static analysis tool development

Ben Laurie benl at google.com
Sat Jan 17 07:02:02 PST 2009


On Sat, Jan 17, 2009 at 2:53 PM, Monty Zukowski <monty at codetransform.com> wrote:
> I'm glad to hear all the details of your analyzer.  I'll have more
> questions later, I'm sure, but for now this is what interests me most:
>
>> Another high-level goal of the analyzer is to support the relaying of rich
>> diagnostics to end-users about how a bug manifests in their program.  The
>> diagnostic reporting mechanism in the analyzer also uses a set of abstract
>> interfaces so that bug reports can be rendered in a variety of ways (e.g.,
>> to the console, to an HTML page, within an IDE, etc.).  Providing rich
>> diagnostics is an important goal because without them the results of a
>> static analysis algorithm are only useful to graduate students studying
>> program analysis techniques rather than programmers who want to fix bugs.
>
> As you mentioned later, issue tracking is very important and the
> analyzer can be designed to help with that.

I do wonder if suppression of false positives is better done by
annotation than by tracking...

a) The annotation can be reused by other analysers.

b) The annotation works for developers who start from scratch.

>  It seems to me that that
> could be the best use of Google's money to get this tool into its most
> useful state.  I can see you've put a lot of thought into the other
> analysis which can be added to the tool later.  I'm not an expert in
> that area so I'll probably leave that area untouched.
>
> In any event, you've described a tool which seems to have been
> designed to be both extensible and useful and for that I'm very
> excited.  It seems like such an obvious need, doesn't it?
>
> Monty
>
> P.S. I'll be offline on holiday and probably won't answer any other
> emails until Monday night or Tuesday.
>
