[cfe-dev] Static analysis output format
David Smith
catfish.man at gmail.com
Fri Jul 4 14:41:30 PDT 2008
As we've been working through the list of results from static
analysis for Adium it's become increasingly clear that the output
format is introducing some complications. Specifically, each time we
rerun (whether to use an updated version of checker, or to check
against the latest source) it eliminates any metadata that we've built
up around the results, such as which ones were false positives.

Unfortunately, fixing this seems somewhat tricky. The main thing that
would be necessary is a way of identifying results across runs. That
way we can plug this into our automated testing system so each time we
commit it can rerun and say "ok, these ones are known, these ones are
known false positives, and these ones are new" rather than just
"here's a list to re-evaluate". I'm not sure how to come up with some
sort of identifier for issues though. Line numbers probably change too
frequently to be reliable. I suppose a heuristic based on function
name, issue type, file name, and approximate line number might be
fairly accurate.
David
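
The heuristic suggested in the message above (function name, issue type and file name as a stable key, with the line number matched only approximately), sketched as an added example that is not part of the original post or of the checker. The `Finding` record, the `carry_over` function, the status labels, the 15-line tolerance and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Finding(NamedTuple):
    file: str
    function: str
    issue_type: str
    line: int

def stable_key(f):
    # Everything except the line number, which shifts with unrelated edits.
    return (f.file, f.function, f.issue_type)

def carry_over(baseline, current, tolerance=15):
    """baseline: {Finding: status} from the last triaged run; current: list of
    Finding from the new run. Returns {Finding: status}, 'new' if unmatched."""
    by_key = defaultdict(list)
    for old in baseline:
        by_key[stable_key(old)].append(old)
    # Candidate pairs share a stable key and sit within `tolerance` lines.
    pairs = sorted(
        (abs(new.line - old.line), new, old)
        for new in current
        for old in by_key.get(stable_key(new), [])
        if abs(new.line - old.line) <= tolerance
    )
    result, used = {}, set()
    for _, new, old in pairs:  # closest pairs first, each side used once
        if new not in result and old not in used:
            result[new] = baseline[old]
            used.add(old)
    for new in current:
        result.setdefault(new, "new")
    return result

# Constructed sample data (file, function and issue names are made up).
BASELINE = {
    Finding("src/example.m", "loadAccount", "null dereference", 120): "false_positive",
    Finding("src/example.m", "loadAccount", "null dereference", 180): "known",
    Finding("src/util.m", "parse", "dead store", 40): "known",
}
CURRENT = [
    Finding("src/example.m", "loadAccount", "null dereference", 126),
    Finding("src/example.m", "loadAccount", "null dereference", 187),
    Finding("src/util.m", "parse", "dead store", 90),
    Finding("src/util.m", "parse", "memory leak", 41),
]
```

Matching closest pairs first keeps two findings of the same type in one function from swapping their triage status when both shift by a few lines; a finding that moves further than the tolerance is reported as new and has to be triaged again.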