This is the mail archive of the
binutils@sourceware.org
mailing list for the binutils project.
Re: AW: Software Quality Binutils
On 08/16/2018 10:10 AM, Christoph Hazott wrote:
> Hi to all,
>
> I'm very happy because I think we are at the same page here :-)
> @John: CppCheck and pmccabe look already quite promising and could be
> a much better alternative than the sonar check I did. The pa_ip
> function is awesome I have to say :-D ~2000LOC with almost all loops
> and branches is a real challenge to maintain and much more of a
> challenge to refactor properly to not miss anything! @Nick: The check
> with sonar was done with the cx11 code rules from sonar. Also I don't
> like the bug term in sonar because a bug is something that is defined
> to lead to faults. An I personally think that this can be indicated
> by a static code analysis tool but real proof you only get over a
> dynamic code analysis (like unit testing). And to answer your
> questions. If "we" do static code analysis on the binutils we would
> need to have to define a set of rules and tools that really apply and
> make sense to further progress. The function John mentioned is a good
> example. If we assume that every node in the program is binary the CC
> tells us that 2^499 unit tests will cover this function. E.g.
> refactoring this to have 10 tests with a complexity of ~49 means we
> need around 10*2^49 tests to reach the same coverage. That's just a
> made up example but that's the direction where static code analysis
> is aiming. @Paul: That's true and from my experience the graph system
> in the background of the tools I used so far was always able to
> identify the proper case.
>
> Maybe it would be an idea that we pick out a module or function as a
> starting point which I then can work through to continue this
> conversation on a real example? The pa_ip function would already be
> quite an awesome challenge for this?
Rather than focusing on a dead target (HPPA), I'd suggest focusing on
something more mainstream if you're trying to improve code quality. You
could spend enormous amount of time bullet proofing code nobody runs
anymore in the real world.
jeff