Re: The Case for Rust (in any system)

From: David Chisnall <theraven_at_freebsd.org>
Date: Fri, 06 Sep 2024 07:02:28 UTC
On 5 Sep 2024, at 22:13, Alan Somers <asomers@freebsd.org> wrote:
> 
> I used to check it, years ago.  But I gave up.  The UI is too hard to
> use and false alarms are both too frequent and too hard to suppress.
> Plus, it's a real drag that I can't run the tool myself.  Instead, I
> need to wait for the next scheduled run.

In general, it’s very hard to add static analysis to existing projects. The property that you want is that there are no *new* static analyser errors in a new commit, but that’s requires tracking all of the existing ones. In CHERIoT RTOS, we run the clang analyser in CI as one of the checks that must pass before a PR can be merged. This is possible because we started doing it very early on. It may be possible for some individual parts of FreeBSD, but when we started with Coverity I looked at the reports and the first ten I looked at were all false positives. There are probably some serious issues in there but the effort to find them is high. For a new project, that cost is a small incremental cost in each commit and code review (if the analyser finds something, reviewer has to agree that it’s a false positive).

David