dcoughlin added a comment.
I evaluated this checker on three internal codebases that make large use of
Project 1: ~190,000 lines of C++. 16 alarms. I triaged all of them. There were
2 definite false positives (FPs) and 14 likely FPs.
Project 2: ~320,000 lines of C++. 116 alarms. I triaged 45. All likely FPs.
Project 3: ~23,000 lines of C++. 43 alarms. I triaged 13. 3 definite FPs and 10
The definite false positives were cases where the programmer seemed aware of
the semantics of virtual calls during construction/destruction and had each
subclass explicitly call its own version of the virtual method in question. The
likely false positives were cases where there was no subclass of the
constructed class that overrode the method in question.
I think there is value in this checker: virtual calls in constructors are a
definite code smell and are hard to get right. But I don't think we can turn it
on by default given the sheer number of alarms. I think this needs to stay in
alpha until we can reduce the number of false positives
cfe-commits mailing list
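The construction-time dispatch behind the alarm categories in the comment above, as an added C++ example that is not part of the original comment or of the checker. The class names and the exact shape of the two false-positive patterns are assumptions made for illustration.

```cpp
#include <string>
#include <vector>

// Constructed log so the dispatch order can be inspected after construction.
static std::vector<std::string> g_log;

// Case 1: the defect the checker targets. While Base is being constructed the
// dynamic type is Base, so the override in Derived is not reached.
struct Base {
    Base() { init(); }
    virtual ~Base() = default;
    virtual void init() { g_log.push_back("Base::init"); }
};
struct Derived : Base {
    void init() override { g_log.push_back("Derived::init"); }
};

// Case 2 (assumed shape of a "definite FP"): the author knows the rule and has
// every class in the hierarchy call its own version from its own constructor.
struct AwareBase {
    AwareBase() { setup(); }
    virtual ~AwareBase() = default;
    virtual void setup() { g_log.push_back("AwareBase::setup"); }
};
struct AwareDerived : AwareBase {
    AwareDerived() { setup(); }
    void setup() override { g_log.push_back("AwareDerived::setup"); }
};

// Case 3 (assumed shape of a "likely FP"): no subclass overrides the method,
// so the virtual call in the constructor cannot pick the wrong target today.
struct Leaf {
    Leaf() { reset(); }
    virtual ~Leaf() = default;
    virtual void reset() { g_log.push_back("Leaf::reset"); }
};

// Construct a T and return the methods that ran during construction, in order.
template <class T>
std::vector<std::string> construct_and_log() {
    g_log.clear();
    T obj;
    (void)obj;
    return g_log;
}

int main() { return construct_and_log<Derived>().size() == 1 ? 0 : 1; }
```

All three constructors contain the same syntactic pattern, a virtual call on the object under construction; only the first silently skips an override.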