
Re: Proposal for deviations in static analyser findings


  • To: Luca Fancellu <Luca.Fancellu@xxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 18 Oct 2022 17:57:15 +0200
  • Cc: Bertrand Marquis <Bertrand.Marquis@xxxxxxx>, Wei Chen <Wei.Chen@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 18 Oct 2022 15:57:25 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 18.10.2022 17:49, Luca Fancellu wrote:
>> On 18 Oct 2022, at 16:29, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>> On 18.10.2022 17:17, Luca Fancellu wrote:
>>>> On 13 Oct 2022, at 12:34, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>> On 13.10.2022 12:11, Luca Fancellu wrote:
>>>>>> On 13 Oct 2022, at 08:50, Jan Beulich <jbeulich@xxxxxxxx> wrote:
>>>>>> Iirc at least Coverity ignores certain instances of what it might
>>>>>> consider violations (fall-through in switch() statements in particular)
>>>>>> in case _any_ comment is present. Therefore may I suggest that such
>>>>>> comments be deleted (really: replaced by a blank line, to maintain
>>>>>> correct line numbering) if there's no matching key-value pair?
>>>>>
>>>>> Yes, the line won’t be altered if there is no match. This is to ensure
>>>>> the correct line numbering is not affected.
>>>>
>>>> "won't be altered" is the opposite of what I've been asking to consider:
>>>> Observing that comments _regardless_ of their contents may silence
>>>> findings, the suggestion is to remove comments (leaving a blank line)
>>>> when there's no entry for the targeted tool in the table entry.
>>>
>>> Why? The tag comment won’t do anything, it would act as a blank line from
>>> the analyser perspective.
>>
>> The _tag_ won't do anything, but as said any _comment_ may have an effect.
> 
> Yes, any comment that is using a proprietary syntax for the tools we use:
> 
> /* cppcheck-suppress[proprietary_ID] */
> /* coverity[proprietary_ID] */
> /* -E> hide proprietary_ID 1 "" */
> 
> May have an effect.
> 
> If an entry in the database has no match with the used tool, then it would
> stay as (for example):
> 
> /* SAF-X-safe [blablabla] */
> 
> Which has no effect on any tool, hence I don’t see the need to replace it
> with a blank line.

One more try: May I ask that you re-read the very beginning of the context
I've left in place? I did call out a case where, from all I know, a tool
would be silenced by the mere presence of a comment, regardless of comment
text. Hence by not purging SAF-X-... comments you may suppress findings.

Jan
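
Added example, not part of the message above and not Xen's own tooling: a sketch of the pre-processing step being argued for, where a tag comment is rewritten to the running tool's suppression syntax when the table has an entry for that tool and is otherwise replaced by a blank line so that no comment remains and line numbering is unchanged. The table contents, the regular expression, the function name and the sample source are assumptions constructed for illustration.

```python
import re

# Whole-line tag comment, e.g. "/* SAF-1-safe [reason] */". The thread writes
# the tag as SAF-X-safe; treating X as a decimal number is an assumption.
SAF_TAG = re.compile(r"^(\s*)/\*\s*(SAF-\d+-safe)\b.*?\*/\s*$")

# Constructed deviation table: tag -> {tool: that tool's own finding ID}.
DEVIATIONS = {
    "SAF-0-safe": {"cppcheck": "constructed_ID_a", "coverity": "constructed_ID_b"},
    "SAF-1-safe": {"cppcheck": "constructed_ID_c"},  # no coverity entry
}

# Tool comment syntax as quoted in the thread.
TOOL_COMMENT = {
    "cppcheck": "/* cppcheck-suppress[{id}] */",
    "coverity": "/* coverity[{id}] */",
}

def preprocess(source: str, tool: str) -> str:
    """Return the source as the given tool should see it, line count unchanged."""
    out = []
    for line in source.split("\n"):
        m = SAF_TAG.match(line)
        if m is None:
            out.append(line)  # ordinary code or ordinary comment: untouched
            continue
        indent, tag = m.groups()
        finding = DEVIATIONS.get(tag, {}).get(tool)
        if finding is not None:
            # Entry for this tool: emit the tool's own suppression comment.
            out.append(indent + TOOL_COMMENT[tool].format(id=finding))
        else:
            # No entry for this tool: purge the comment, keep the line slot.
            out.append("")
    return "\n".join(out)

# Constructed input: a fall-through annotated only for cppcheck.
SAMPLE = """\
switch ( op )
{
case 0:
    prepare();
    /* SAF-1-safe [constructed reason] */
case 1:
    run();
    break;
}
"""

if __name__ == "__main__":
    print(preprocess(SAMPLE, "coverity"))
```
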



 

