@PleegWat is going to hell!
-
@PleegWat said in The Official Status Thread:
@PleegWat said in The Official Status Thread:
Status: Spent some time today changing the way our makefiles work. In doing so, I broke rule 1 of working with makefiles.
Mission accomplished. Fewer redundant variables (used ≤1 times). Fewer extra tiny files. I can properly override
CC
andAR
(which was the excuse). And I even fixed it so it doesn't always re-link all binaries.Now I'm able to run the static code analysis tool. It returned >700 issues. In my other component it had a <10% false positive rate.
-
@Gribnit said in @PleegWat is going to hell!:
static code analysis tool. It returned >700 issues
700 only!
We have some 3,000. Raising.
-
@BernieTheBernie Eh, we scan with fortify too. Fix or suppress the cirtical issues, ignore the rest. We've got thousands pending at lower severities.
However, fortify doesn't work right now. Ops says I can ignore the errors but they need to create the new version for me. I have a ticket open for that; they have not created the new version yet. I also doubt their assertion that the errors are harmless.
So while I was twiddling my thumbs I decided to try this (not yet externally published) tool. On my first component (~100kloc) it turned up ~200 real issues which fortify never told me about, ~20 which probably weren't real issues but changing the code did make it clearer, and 7 false positives.
And then I had to refactor the build system for the second component (also ~100kloc) to be able to run the test on that. Which is where I am currently.
-
@PleegWat did you died?