Re: The Case for Rust (in any system)
- Reply: Poul-Henning Kamp: "Re: The Case for Rust (in any system)"
- Reply: Jan Knepper : "Re: The Case for Rust (in any system)"
- Reply: fvalasiad : "Re: The Case for Rust (in any system)"
- Reply: Paul Floyd : "Re: The Case for Rust (in any system)"
- In reply to: Alan Somers : "Re: The Case for Rust (in any system)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 06 Sep 2024 07:02:28 UTC
On 5 Sep 2024, at 22:13, Alan Somers <asomers@freebsd.org> wrote: > > I used to check it, years ago. But I gave up. The UI is too hard to > use and false alarms are both too frequent and too hard to suppress. > Plus, it's a real drag that I can't run the tool myself. Instead, I > need to wait for the next scheduled run. In general, it’s very hard to add static analysis to existing projects. The property that you want is that there are no *new* static analyser errors in a new commit, but that’s requires tracking all of the existing ones. In CHERIoT RTOS, we run the clang analyser in CI as one of the checks that must pass before a PR can be merged. This is possible because we started doing it very early on. It may be possible for some individual parts of FreeBSD, but when we started with Coverity I looked at the reports and the first ten I looked at were all false positives. There are probably some serious issues in there but the effort to find them is high. For a new project, that cost is a small incremental cost in each commit and code review (if the analyser finds something, reviewer has to agree that it’s a false positive). David