On 9/29/17, Jens Alfke <j...@mooseyard.com> wrote:
> it’s not a good idea to walk into a community and
> immediately tell everyone that they’re doing things the wrong way
It's worse than that. The very first sentence we heard from Mr.
Razumovsky was an imperative: "Remove warnings!". And though he did
at least say "Please", starting out with a command is not the most
endearing way to enter a community.
We have yet to learn who Mr. Razumovsky is, or why he feels it is so
urgent that we spend weeks of time churning the SQLite code (and
likely introducing bugs) to silence a bunch of harmless warnings.
The "Power Of 10" webpage appears to be a distillation of the MISRA C
guidelines. The "maximum warnings enabled" rule is number 10. It is
worth pointing out that SQLite fails the other 9 rules too, some of
them spectacularly. For example, sqlite3.c contains 818 goto
statements. And the function that implements the byte-code engine is
over 121 printed pages long.
I studied MISRA C in detail a decade or so ago and I was not
impressed. MISRA seems focused on improving quality by imposing
stylistic guidelines. All the MISRA guidelines seems to be created
with an eye toward being able to verify them at compile-time. MISRA
is concerned with how long your functions are, and how many assert()
and goto statements you use, whereas I think it is more important to
focus on getting the correct answer. DO-178B puts more emphasis on
run-time verification, which is why I prefer using it over MISRA.
This statement is still true: More bugs have been introduced into
SQLite trying to silence compiler warnings than compiler warnings have
D. Richard Hipp
sqlite-users mailing list