Klocwork static analysis report

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Klocwork static analysis report

Raitses, Alex
Hello,
Please find attached Klocwork static analysis report for “C source code as an amalgamation”, version 3.30.1 (sqlite3.c).
Can you please review the report attached and update which bugs can be fixed.


Regards,
Alex
---------------------------------------------------------------------
Intel Israel (74) Limited

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Klocwork static analysis report

Richard Hipp-3
On 11/6/19, Raitses, Alex <[hidden email]> wrote:
> Hello,
> Please find attached Klocwork static analysis report for “C source code as
> an amalgamation”, version 3.30.1 (sqlite3.c).
> Can you please review the report attached and update which bugs can be
> fixed.
>

(1) This mailing list strips attachments.

(2) Klocworks does not find "bugs".  Rather, it finds warnings.  The
overwhelming majority of warnings found by klocworks are
false-positives.  I do not recall an occasion where klockworks found
an actual bug in SQLite.  Mostly, klocworks warning list are just a
distraction for the developers that take their time away from finding
real bugs.  Please ignore klocworks, at it is not a useful tool for
finding errors in SQLite.
--
D. Richard Hipp
[hidden email]
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Klocwork static analysis report

Donald Shepherd
On Wed, 6 Nov 2019 at 22:21, Richard Hipp <[hidden email]> wrote:

> On 11/6/19, Raitses, Alex <[hidden email]> wrote:
> > Hello,
> > Please find attached Klocwork static analysis report for “C source code
> as
> > an amalgamation”, version 3.30.1 (sqlite3.c).
> > Can you please review the report attached and update which bugs can be
> > fixed.
> >
>
> (1) This mailing list strips attachments.
>
> (2) Klocworks does not find "bugs".  Rather, it finds warnings.  The
> overwhelming majority of warnings found by klocworks are
> false-positives.  I do not recall an occasion where klockworks found
> an actual bug in SQLite.  Mostly, klocworks warning list are just a
> distraction for the developers that take their time away from finding
> real bugs.  Please ignore klocworks, at it is not a useful tool for
> finding errors in SQLite.


Having done a triage of Klocwork issues on an earlier amalgamation (to
assuage organisational worry about open source), by far the majority were
null pointer warnings on code paths that could never be null.  It did not
inspire confidence.

Regards,
Donald Shepherd.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users