<br><br><div class="gmail_quote">On 12 May 2011 12:24, John Smith <span dir="ltr"><<a href="mailto:lbalbalba@gmail.com">lbalbalba@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi.<br>
<br>
<br>
In case anyone is interested, I ran the clang analyzer on several open<br>
source projects. (gcc, gdb, glib, ntp, openldap, openssl, postfix).<br>
<br>
However, there are many issues found on most of those projects, which<br>
are reasonably well known and widely used pieces of software. Which<br>
makes me wonder if there arent just a lot of false positives here ?<br>
<br>
<br>
The resulting reports can be found here :<br>
<br>
<a href="http://lbalbalba.freezoka.net/ccc-analyzer/" target="_blank">http://lbalbalba.freezoka.net/ccc-analyzer/</a></blockquote><div><br></div><div>Experience with static analysis says that almost all the issues will be false positives (at least in openssl).</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><br>
<br>
<br>
<br>
Regards,<br>
<font color="#888888"><br>
<br>
<br>
John Smith<br>
_______________________________________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu">cfe-dev@cs.uiuc.edu</a><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev</a><br>
</font></blockquote></div><br>