On 5/12/20 10:49 AM, Kamil Dudka wrote:
> The problem is that such
> false positives may easily turn into true positives, as the code gets
> changed, and nobody will notice it.
Sounds extremely unlikely here. It's never happened with coreutils as far as I
know. For this particular case, thi

Hello all,
Since Savannah requires licenses to be under version control (see
here¹), I don't think it makes sense for Gnulib to provide modules for
them. My reasoning is that if developers are going to use a Gnulib
module, they won't keep the files it provides under version control (in
fact, gnuli

On Tuesday, May 12, 2020 6:23:33 PM CEST Paul Eggert wrote:
> 3. If you don't like false alarms from GCC or from other static analyzers,
> filter them out (or get better analyzers...). You can filter in many
> different ways (e.g., by comparing the warnings you got last time from the
> ones you got

On 5/11/20 2:11 PM, Bruno Haible wrote:
> xmalloc.c:113:10: warning: use of possibly-NULL '' where non-null
> expected [CWE-690] [-Wanalyzer-possible-null-argument]
> Since xmalloc (0) may be NULL, xmemdup may end up calling memcpy (NULL, p, 0).
> We know this is harmless, if no sanitizer is pres

On 5/12/20 8:17 AM, Kamil Dudka wrote:
> Pádraig Brady suggested that I run static analyzers with -Dlint, which is
> exactly opposite of what you are saying, isn't it?
That depends on how you're building. I am assuming that you want your static
analyzers to analyze the code that you're actually ru

Kamil Dudka wrote:
> So you assume that your code is perfect while the tools failing to analyze it
> properly are buggy.
I don't _assume_ it. It's my _experience_ with gnulib code:
* My experience with Coverity is about 20% good findings and 80% that I can
ignore.
* My experience with 'gc

On Monday, May 11, 2020 7:26:34 PM CEST Paul Eggert wrote:
> On 5/11/20 12:43 AM, Kamil Dudka wrote:
> > It is usually a bad idea to use different versions of source code for
> > compilers and for static analyzers.
>
> Yes, I don't like it either. The patch I installed was particularly bad,
> since

On Monday, May 11, 2020 9:17:39 PM CEST Bruno Haible wrote:
> I agree with Paul, for three reasons:
>
> * We, the developers, should decide what our programs look like. It's not
> only a question of pride - even if that pride is only about having saved a
> 'xorl %eax,%eax' instruction. It's a qu

Hi Bruno,
On 11.05.20 18:37, Bruno Haible wrote:
> Hi Tim,
>
>> I would like to ask for your expert knowledge.
>>
>> How to prevent file descriptor leaks in a multi-threaded application
>> that fork+exec. Quick answer is surely "use O_CLOEXEC" to close those
>> file descriptors on exec.
>>
>> But