[cfe-dev] Clang Analysis of several open source projects.

John Smith lbalbalba at gmail.com
Thu May 12 09:53:43 PDT 2011


On Thu, May 12, 2011 at 6:50 PM, Ben Laurie <benl at google.com> wrote:
>>
>> Experience with static analysis says that almost all the issues will be
>> false positives (at least in openssl).
>
> e.g.
> http://lbalbalba.freezoka.net/ccc-analyzer/scan-build-openssl-1.0.0d/report-x3HkoT.html#EndPath
> is bad analysis (the branch stuff needs to understand bitmaps to fix it -
> hmm, that could be a fun project).
>
Thanks for examining that one. Part of the point of posting this is
that hopefully it will result in a better analyzer in the end by
eliminating as many false positives as possible.

Perhaps a bug report could/should be filed for this one?...
;)


Regards,


John Smith.


