Re: [RFC/PATCH] Makefile: suppress some cppcheck false-positives

git@vger.kernel.org mailing list mirror (one of many)
 help / color / mirror / code / Atom feed

From: Junio C Hamano <gitster@pobox.com>
To: Chris Packham <judge.packham@gmail.com>
Cc: git@vger.kernel.org, peff@peff.net,
	stefan.naewe@atlas-elektronik.com, gitter.spiros@gmail.com
Subject: Re: [RFC/PATCH] Makefile: suppress some cppcheck false-positives
Date: Fri, 16 Dec 2016 10:43:48 -0800	[thread overview]
Message-ID: <xmqqshpnsoij.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <20161215232240.19427-1-judge.packham@gmail.com> (Chris Packham's message of "Fri, 16 Dec 2016 12:22:40 +1300")

Chris Packham <judge.packham@gmail.com> writes:

> -CPPCHECK_FLAGS = --force --quiet --inline-suppr $(if $(CPPCHECK_ADD),--enable=$(CPPCHECK_ADD))
> +CPPCHECK_SUPP = --suppressions-list=nedmalloc.supp \
> +	--suppressions-list=regcomp.supp
> +
> +CPPCHECK_FLAGS = --force --quiet --inline-suppr \
> +	$(if $(CPPCHECK_ADD),--enable=$(CPPCHECK_ADD)) \
> +	$(CPPCHECK_SUPP)

Has it been agreed that it is a good idea to tie $(CPPCHECK_ADD)
only to --enable?  I somehow thought I saw an objection to this.

> diff --git a/nedmalloc.supp b/nedmalloc.supp
> new file mode 100644
> index 000000000..37bd54def
> --- /dev/null
> +++ b/nedmalloc.supp
> @@ -0,0 +1,4 @@
> +nullPointer:compat/nedmalloc/malloc.c.h:4093
> +nullPointer:compat/nedmalloc/malloc.c.h:4106
> +memleak:compat/nedmalloc/malloc.c.h:4646
> +
> diff --git a/regcomp.supp b/regcomp.supp
> new file mode 100644
> index 000000000..3ae023c26
> --- /dev/null
> +++ b/regcomp.supp
> @@ -0,0 +1,8 @@
> +memleak:compat/regex/regcomp.c:3086
> +memleak:compat/regex/regcomp.c:3634
> +memleak:compat/regex/regcomp.c:3086
> +memleak:compat/regex/regcomp.c:3634
> +uninitvar:compat/regex/regcomp.c:2802
> +uninitvar:compat/regex/regcomp.c:2805
> +memleak:compat/regex/regcomp.c:532
> +

Yuck for both files for multiple reasons.  

I do not think it is a good idea to allow these files to clutter the
top-level of tree.  How often do we expect that we may have to add
more of these files?  Every time we start borrowing code from third
parties?

What is the goal we want to achieve by running cppcheck?  

 a. Our code must be clean but we do not bother "fixing" [*1*] the
    code we borrow from third parties and squelch output instead?

 b. Both our own code and third party code we borrow need to be free
    of errors and misdetections from cppcheck?

 c. Something else?

If a. is what we aim for, perhaps a better option may be not to run
cppcheck for the code we borrowed from third-party at all in the
first place.  

If b. is our goal, we need to make sure that the false positive rate
of cppcheck is acceptably low.


[Footnote]

*1* "Fixing" a real problem it uncovers is a good thing, but it may
    have to also involve working around false positives reported by
    cppcheck, either by rewriting a perfectly correct code to please
    it, or adding these line-number based suppression that is
    totally unworkable.  Like Peff, I'm worried that we will end up
    with two static checkers fighting each other, and no good way to
    please both.

next prev parent reply	other threads:[~2016-12-16 18:44 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-13  9:22 [RFC/PATCH] Makefile: add cppcheck target Chris Packham
2016-12-13  9:32 ` Chris Packham
2016-12-13  9:37   ` stefan.naewe
2016-12-13 12:15 ` Jeff King
2016-12-13 12:28   ` Jeff King
2016-12-14  8:23     ` Chris Packham
2016-12-14  8:33   ` Chris Packham
2016-12-14 11:18     ` Jeff King
2016-12-14  9:27 ` [RFC/PATCHv2] " Chris Packham
2016-12-14 11:24   ` Jeff King
2016-12-14 14:46     ` Jeff King
2016-12-15 23:22     ` [RFC/PATCH] Makefile: suppress some cppcheck false-positives Chris Packham
2016-12-16 18:43       ` Junio C Hamano [this message]
2016-12-16 22:16         ` Jeff King
     [not found]     ` <6ABA4AA4-BD5C-4178-BB3B-91CA045EA2AD@gmail.com>
2016-12-17  7:31       ` [RFC/PATCHv2] Makefile: add cppcheck target Chris Packham

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: http://vger.kernel.org/majordomo-info.html

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqqshpnsoij.fsf@gitster.mtv.corp.google.com \
    --to=gitster@pobox.com \
    --cc=git@vger.kernel.org \
    --cc=gitter.spiros@gmail.com \
    --cc=judge.packham@gmail.com \
    --cc=peff@peff.net \
    --cc=stefan.naewe@atlas-elektronik.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://80x24.org/mirrors/git.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).