Software Quality Binutils
Nick Clifton
nickc@redhat.com
Tue Aug 14 10:31:00 GMT 2018
Hi Christoph,
> In a virtual machine I executed the scanner with a Linux From Scratch
> configuration and the results were uploaded to
> https://sonarcloud.io/organizations/h4z4rt-github/projects and can be
> viewed there.
Thanks very much for taking an interest in the binutils, and for letting
us know about your scan and its results. If there are any serious bugs
that are uncovered it would be really useful if they could be reported
via the binutils bug tracking system:
https://sourceware.org/bugzilla/enter_bug.cgi?product=binutils
I took a quick look at the scan results myself. 535 bugs does seem to
be rather alarming. To say nothing of the vulnerabilities and smells.
But when I took a look at some individual bugs I have to say that I was
not very impressed. Comments like "review this data-flow, variable
<foo> may be null" indicate to me that the tool is not performing an
in-depth analysis of the code.
Or "Remove this conditional structure or edit its code blocks so that
they're not all the same". How on earth is that a bug? It is not
even bad coding.
I apologise, because I have not been through every single bug report
to see if any of them are significant. But with that much noise in
the output I doubt if anyone will go through all of those "bugs".
Is there any way to adjust the output of the scanner so that only
really significant bugs are reported?
Cheers
Nick