This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.



Re: Software Quality Binutils


Hi Christoph,

> In a virtual machine I executed the scanner with a Linux From Scratch
> configuration and the results were uploaded to
> https://sonarcloud.io/organizations/h4z4rt-github/projects and can be
> viewed there.

Thanks very much for taking an interest in the binutils, and for letting 
us know about your scan and its results.  If there are any serious bugs 
that are uncovered it would be really useful if they could be reported 
via the binutils bug tracking system:

  https://sourceware.org/bugzilla/enter_bug.cgi?product=binutils

I took a quick look at the scan results myself.  535 bugs does seem to 
be rather alarming.  To say nothing of the vulnerabilities and smells.
But when I took a look at some individual bugs I have to say that I was
not very impressed.  Comments like "review this data-flow, variable 
<foo> may be null" indicate to me that the tool is not performing an
in-depth analysis of the code.

Or "Remove this conditional structure or edit its code blocks so that 
they're not all the same".  How on earth is that a bug?  It is not
even bad coding.

I apologise, because I have not been through every single bug report
to see if any of them are significant.  But with that much noise in
the output I doubt if anyone will go through all of those "bugs".
Is there any way to adjust the output of the scanner so that only
really significant bugs are reported?

Cheers
  Nick

