On 2015-03-23 01:59 PM, Saurav Sarkar wrote: > Thanks a lot Richard for your inputs. > > the link indeed looks positive enough :). > > Would like to know if anyone else has gone through similar experiences . Often.
Just to add - many times people have posted here about some or other static analysis tool tripping up on some SQLite code, but it's always (at least, in the vast majority of cases) the analysis tool producing the problem (mostly false positives). This is not through any flaw in them, the flaw lies in static analysis' premise - that a computer program can "read" your code and assume /All/ safety properties from it. Mostly this works, but many times something that looks like a problem really isn't one and sadly a LOT of code exists in this universe to appease analysis tools (and department heads) rather than contribute an ounce to actual code safety or efficiency. Richard was being very kind when he said: "... excel at generating false positives in SQLite." - that sentence does not require the words: "in SQLite". Also, some of your examples posted were inside ASSERT statements which doesn't actually make it into final compiled code, so not sure what the analyzer is thinking there. Understand that I am all for using analysis tools, they have certainly saved a ton of problems and can quickly point out obvious issues, but one has to understand their shortcomings and flaws too - just like any other tool. Have a great day! Ryan
