how to deal with a static analyzer output

Posted by Jim on Stack Overflow See other posts from Stack Overflow or by Jim
Published on 2010-01-15T08:56:11Z Indexed on 2010/05/27 17:11 UTC
Read the original article Hit count: 319

Filed under:

c++

|

static-analysis

We have started using a static analyzer (Coverity) on our code base. We were promptly stupefied by the sheer amount of warnings we received (its in the hundreds of thousands) , it will take the entire team a few mounts to clear them all (obliviously impossible).

the options we discussed so far are

1) hire a contractor to sort out the warning and fix them - he drawback: we will probably need very experiences people to do all these modifications, and no contractor will have required understanding of the code.

2) filter out the warning and deal only with the dangerous ones - the problem here is that our static analysis output will always be cluttered by warning making it difficult for us to isolate problems. also the filtering of the warning is also a major effort.

either way, bringing our code to a state when the static analyzer can be a useful tool for us seems a monumental task.

so how is it possible to work with the static analyzer without braining current development efforts into a complete stand still?

© Stack Overflow or respective owner

Related posts about c++

C++ : C++ Primer (Stanley Lipmann) or The C++ programming language (special edition)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a Computer Science degree (long2 time ago) .. I do know Java OOP but i am now trying to pick up C++. I do have C and of course data structure using C or pascal. I have started reading Bjarne Stroustrup book (The C++ Programming Language - Special Edition) but find it extremely difficult esp… >>> More
Which C++ book shold I get between "C++ Primer" vs "C++ Primer Plus"

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to learn C++ by using Vim and MinGW as compiler. I'm interesting at "C++ Primer (4th Edition)" and "C++ Primer Plus (5th Edition)" but I don't know how about it different. It has no book store that I can review those books, so I want to know, what is the different between those book and which… >>> More
Managed c++ std::string not accessible in unmanaged c++

as seen on Stack Overflow - Search for 'Stack Overflow'
In unmanaged c++ dll i have a function which takes constant std::string as argument Prototype : void read ( const std::string &imageSpec_ ) I call this function from managed c++ dll by passing a std::string. When i debug the unmanaged c++ code the parameter imageSpec_ shows the value correctly… >>> More
I need help on my C++ assignment using MS Visual C++

as seen on Stack Overflow - Search for 'Stack Overflow'
Ok, so I don't want you to do my homework for me, but I'm a little lost with this final assignment and need all the help I can get. Learning about programming is tough enough, but doing it online is next to impossible for me... Now, to get to the program, I am going to paste what I have so far. This… >>> More
The Definitive C++ Book Guide and List

as seen on Stack Overflow - Search for 'Stack Overflow'
After more than a few questions about deciding on C++ books I thought we could make a better community wiki version. Providing QUALITY books and an approximate skill level. Maybe we can add a short blurb/description about each book that you have personally read / benefited from. Feel free to debate… >>> More

Related posts about static-analysis

Should static analysis warnings fail the CI build?

as seen on Stack Overflow - Search for 'Stack Overflow'
Our team is investigating various options for static analysis in our project, and have mixed opinions about whether we want our Continuous Integration build to fail because of warnings from static analysis. The argument against failing the build is that there are often exceptions to the rules, and… >>> More
What static analysis tool do you prefer?

as seen on Stack Overflow - Search for 'Stack Overflow'
Ideally, I'm looking for something to integrate into visual studio 2005, but if i could run it on the command line on windows or on linux for gcc, that would be okay also. I'm looking for something in the $1000 range so I understand I wont get the best tools available. But I also prefer something… >>> More
Static analysis of multiple if statements (conditions)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have code similar to: if conditionA(x, y, z) then doA() else if conditionB(x, y, z) then doB() ... else if conditionZ(x, y, z) then doZ() else throw ShouldNeverHappenException I would like to validate two things (using static analysis): If all conditions conditionA, conditionB, ..., conditionZ… >>> More
Why some consider static analysis a testing and some do not?

as seen on Programmers - Search for 'Programmers'
Preparing myself also to ISTQB certification, I found they call static analysis actually as a static testing, while some engineering book distinct between static analysis and testing, which is the dynamic activity. I tent to think that static analysis is not a testing in the true sense as it does… >>> More
Static analysis tool customization for any language

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, We are using a Tool in our project. This tool has its own language which is similar to Java. I am looking for a static analysis tool which can be applied to the new language. Are there any static analysis tools which can be customized to any languages? or Is there any document or any reference… >>> More