Re: Clang 3.3 Analyzer Results

On Mon, Nov 11, 2013 at 2:18 PM, Kevin Grittner <kgrittn(at)ymail(dot)com> wrote:
> I'm currently capturing a text version of all the warnings from
> this. Will gzip and post when it finishes. It's generating a lot
> of warnings; I have no idea how many are PostgreSQL problems and
> how many are false positives; will just post the whole set FWIW. I
> am using the 3.4 development nightly snapshot with these commands:

When I tried out scan-build a while ago, the results were kind of
disappointing - there were lots of false positives. Clearly the tool
was inferior to Coverity at that time. I'd be interested to see if
there has been much improvement since.

One thing I noticed at the time was that the tool didn't have any
gumption about elog() and control flow, even though IIRC at that time
we had the abort() trick (see commit
71450d7fd6c7cf7b3e38ac56e363bff6a681973c). I seem to also recall
Coverity correctly handling that, although perhaps I'm unfairly
crediting them with taking advantage of the abort() trick because of
the state of Postgres when I tried each of those two tools - it might
be that scan-build *would* have taken advantage of that at the time,
if only the trick was there.

--
Peter Geoghegan