On Wed, Jan 22, 2014 at 4:31 PM, Richard Hipp <[email protected]> wrote: > > On Wed, Jan 22, 2014 at 3:46 PM, Jeffrey Walton <[email protected]> wrote: >> >> Here are some results from Clang 3.3 and its scan-build engine on >> sqlite-amalgamation32k-201401171527.zip. Its a pretty good analyzer >> and it keeps getting better. > > We do run SQLite through scan-build and with -fsanitize=undefined (among > countless other tests, http://www.sqlite.org/checklists/3080200/index) prior > to every release. But for 3.8.0, we used Clang 3.0. It looks like Clang > 3.3 will be vexing us with a whole new fresh crop of warnings. :) The coverage is very impressive.
I noticed Intel's ICC is missing. ICC is ruthless about removing code with undefined behavior in an effort to generate the fastest code. Because its ruthless, I try to include it in my projects to tease out non-portable and undefined behavior. ICC might make a good test platform for Sqlite. You'll know if you have some UB because Sqlite's self tests will break in an inexplicable manner under ICC (and run fine under all other compilers). You can get the non-commercial version at http://software.intel.com/en-us/non-commercial-software-development (if interested). > Static analysis has not be helpful, historically, in locating bugs in > SQLite. See http://www.sqlite.org/testing.html#staticanalysis for further > discussion on this. Yeah, agreed. They can produce a lot of noise at times. Its great that the project keeps up with them. It really helps folks downstream who have a rigorous engineering process. > We've actually created more bugs trying to deal with > warnings from static analyzers that static analyzers have found in the first > place. So compiler warnings and static analysizers have been a net-loss for > SQLite. Yeah, that sucks at times. Its too bad there's no easy way to separate the wheat from the chaff. > It is an even greater loss when you realize that the considerable > time we spend trying to squash compiler warnings is time taken away from > actually improving the code. Nevertheless, we have and continue to work very > hard to get SQLite to compile warning-free on as many platforms as possible. Great, keep up the good work. > I have recently updated my desktop and now have a brand new Clang 3.4 > installed, which will be used for the next release coming up in a few weeks. > I'll try to eliminate as many of these false-positive warnings as I can > prior to the 3.8.3 release. Oh, that's cool. I did not know Clang 3.4 was ready for general consumption. Please let me know if you would like some independent testing. I'd be happy to oblige. Jeff _______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
