lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 28 Sep 2007 15:02:43 +0100
From:	Andy Whitcroft <apw@...dowen.org>
To:	Pekka Enberg <penberg@...helsinki.fi>
Cc:	Ingo Molnar <mingo@...e.hu>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Randy Dunlap <rdunlap@...otime.net>,
	Joel Schopp <jschopp@...tin.ibm.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] update checkpatch.pl to version 0.10

On Fri, Sep 28, 2007 at 04:37:49PM +0300, Pekka Enberg wrote:
> Hi Andy,
> 
> On 9/28/07, Andy Whitcroft <apw@...dowen.org> wrote:
> > That is unfair.  Every time we discuss it I state that I disagree that
> > hiding mostly useful tests is a good thing.  I would love the tests to
> > be 100% accurate, but if I removed all the tests that can false positive
> > I would literally have none.  There is a balance to be struck and we
> > have significantly different ideas on where the balance is.
> 
> Are you disagreeing with the numbers Ingo posted? 25,000 false
> positives for the kernel is beyond silly... Existing conventions
> should matter a lot and the default configuration for a static code
> checker should really be 100%. So why not hide the potentially useful
> warnings under -Wtoo-strict or similar command line option?

I have not run across the whole kernel to find out, his estimation is
likely high as his sample (mm/sched.c) includes a particular construct
(multiple assignment) which is reported and overly common in that
piece of code.  If I take mm/signal.c (also big) I get 1/1000 files,
and those two are easily fixed.  I should note it shows some 62 actual
real violations in that file.

I do receive automated checks of every patch posted to lkml and I work
to remove the false positives from them.  The false positive ratio is
very low in those reports and it those which drive my development effort.

checkpatch is a work in progress and likely will be for many years to
come.

I have propose we 'gate' those subjective tests, and have asked for
input on that thread on the default for those tests.

-apw
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ