Re: The Case for Rust (in any system)
Date: Fri, 06 Sep 2024 07:25:03 UTC
-------- David Chisnall writes: > On 5 Sep 2024, at 22:13, Alan Somers <asomers@freebsd.org> wrote: > > > > I used to check it, years ago. But I gave up. The UI is too hard to > > use and false alarms are both too frequent and too hard to suppress. > > Plus, it's a real drag that I can't run the tool myself. Instead, I > > need to wait for the next scheduled run. > > In general, it's very hard to add static analysis to existing projects. Only in the sense that if you want it to provide value, you have to clean up both the code and the list of findings. I did spend some time on Coverity+FreeBSD back when we initially got access and I was sufficiently underwhelmed that I stopped. Coverity has gotten better since then, and it has found a few serious issues in Varnish Cache, but not much. We generally keep the Coverity list clean. One thing about all static analysis tools that you will soon discover if you use them seriously, is that they are all "opinionated" and if you disagree with their opinions, they become as tiresome as a drunk uncle. Coverity is not sober IMO. <rant> I will also note that almost all the blame for C's current status lies with the standardization efforts, which almost seem hell-bent on destroying the language rather than improving it. More and more stuff becomes "undefined" instead of taking a stand and laying down a sensible rule. Obvious improvements do not happen: After a quarter century of standardization, C still does not have a way to explicitly lay out a datastructure and specify it's endianess. I guess because C never interacts with hardware and protocols or something ? Why havn't C gotten a set of rudimentary classes ? Are they afraid Bjarne will stop sending them X-mas cards if they adopt a good idea ? How about type-safe enums ? Integer-ranges, a'la PASCAL and ADA would be a great way to tell the compilers what to look for, even if they are used for nothing else. But nope, can't have any of that. </rant> Poul-Henning PS: Recently I have not been able to use the Coverity U/I because of some disagreement between my Firefox and their webcode: ERROR TypeError: getColumnCssRules(...).left is undefined applyColumnWidths https://scan5.scan.coverity.com/main.55109ab457b762b4.js:11 updateCanvasWidth https://scan5.scan.coverity.com/main.55109ab457b762b4.js:11 updateRowCount https://scan5.scan.coverity.com/main.55109ab457b762b4.js:11 resizeCanvas https://scan5.scan.coverity.com/main.55109ab457b762b4.js:11 finishInitialization https://scan5.scan.coverity.com/main.55109ab457b762b4.js:11 initialization https://scan5.scan.coverity.com/main.55109ab457b762b4.js:1 Has anybody seen this ? -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence.