[cfe-dev] Automatic scan-build on the LLVM toolchain

David Blaikie dblaikie at gmail.com
Fri Jul 19 08:56:41 PDT 2013 

On Thu, Jul 18, 2013 at 5:26 AM, John Smith <lbalbalba at gmail.com> wrote:
> On Mon, Jul 15, 2013 at 6:39 PM, Richard <legalize at xmission.com> wrote:
>>
>> Sylvestre Ledru wrote
>>> Hello,
>>>
>>> After setting an automatic code coverage tool [1], I just plugged an
>>> automatic scan-build on the LLVM toolchain:
>>>
>>> http://buildd-clang.debian.net/scan-build/
>>
>> So... this seems like something I could contribute.  Small, isolated
>> fix with an automated way of knowing when I've fixed it.
>>
>> However, I don't want to duplicate work being done by someone else as
>> I've just subscribed to the list.  Are these being turned
>> automatically into bug tickets?  Do I just "claim" some of these and
>> then submit a patch?
>>
> I see no one has answered this one yet, so ill have a go here:
>
> I doubt the report is 'automagically' turned into bug reports, or that
> (if even possibly, certainly requiring more skills that I have) it
> would even be desirable. Part of the process is to determine if you
> are dealing with a genuine bug or a false positive. And as icing on
> the cake, if it is a false positive, maybe even a modification of the
> checker to prevent it from generating similar false positives in the
> future.

The nice part about bugs in the LLVM database is that they would
either be bugs in the code (true positives) or bugs in the analyzer
(false positives) - so either way the bug could be used to track the
resolution. (assuming that there's no "acceptable false positive"
without some kind of suppression mechanism, which seems like a
reasonable goal - if a project can't hold itself at/towards "clean"
that seems like a problem)

So I think it might be worth considering an auto-filing system, if
anyone wanted to spend the time to do so. (one issue might be figuring
out how to not file the same issues again on future runs - maybe even
detect when they've been fixed (though that would be hard - since the
code might change so it doesn't trigger the warning anymore, but if
it's a false positive that doesn't mean the bug in the analyzer has
been fixed - but if someone's not looked at/resolved the bug, maybe
it's worth just resolving the bug as no-repro & moving on))

>
> I guess the best way to go would be announcing on this list that youre
> looking into a certain class of bugs in the report and ask if anyone
> else is doing that already. If noone answers, I assume it would be
> safe to claim the bug(s) and start working
>
>
> Regards,
>
>
> John Smith.
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list