On 5/10/19 4:32 AM, Kamil Dudka wrote:
> I do not think it is a good idea to change a piece of working code to make
> static analysis false positives magically disappear.

I was thinking of making a change only if it makes the code a bit better
even ignoring whether Coverity is used. Surely we wouldn't insist on
slightly-worse code merely because we also want to further clutter it up
with Coverity pacification.

> Getting precise results for checkers like
> this is computationally expensive and in the general case impossible.

Although that is true in general, in this particular case it's easy for
an automated tool with Coverity's sophistication to check that the
subscripts are in-range for the array. This is really a Coverity bug and
I'd rather not add batches of comments to code just to cater to Coverity
bugs. Particularly since Coverity is not free software and ordinary
developers like me cannot use it. This sort of thing would send the wrong
signal from the GNU project.