It is a fact that Klocwork has a higher false positive rate than Coverity, possibly above 75%.
If you can get 20 to 30 things in the "possible" or "potential" range, that would be amazing.
On Fri, Aug 1, 2008 at 12:32 PM, Thomas Dickey
<address@hidden> wrote:
On Fri, 1 Aug 2008, Larry Zhou wrote:
Here it goes. 117 warnings total.
some of them are false reports (I don't have a count yet, but will work
through the list...).
For instance, the third in the list (for test/bs.c) appears to be seeing the chunk from 447-457, seeing that 'ss' is set to a nonzero value if c!='R', and not seeing that line 468 will not be executed when c=='R'.
You are right about that. That is a false positive. If, in any way, you want to help the static analyzer help you,
add a debug assert right before line 468.
assert(ss);
That would help make your intention clear.
(Some of Coverity's were false also - but I won't be surprised if they
find different things). Even if half of them were false, that's still
a gain.
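
The kind of false positive discussed in this thread, and the suggested assert, as an added example that is not part of the original messages and is not the real test/bs.c code. The function, the struct and the key values are constructed for illustration; only the names 'ss' and 'c' and the 'R' test come from the thread.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the pattern in the thread (hypothetical names). */
struct ship { int length; int placed; };

static struct ship fleet[] = { {5, 0}, {4, 0}, {3, 0} };
#define NSHIPS (sizeof fleet / sizeof fleet[0])

/* Returns the ship selected by key 'A'..'C', or NULL for any other key. */
static struct ship *pick_ship(int c)
{
    if (c < 'A' || (size_t)(c - 'A') >= NSHIPS)
        return NULL;
    return &fleet[c - 'A'];
}

/* Returns the placed ship's length, 0 after a reset ('R'), -1 on a bad key. */
int handle_key(int c)
{
    struct ship *ss = NULL;
    size_t i;

    if (c != 'R') {               /* first test on c: ss is set here */
        ss = pick_ship(c);
        if (ss == NULL)
            return -1;
    }

    if (c == 'R') {               /* second test on c: ss is not used */
        for (i = 0; i < NSHIPS; i++)
            fleet[i].placed = 0;
        return 0;
    }

    /* Reached only when c != 'R', so ss is non-NULL. An analyzer that does
     * not correlate the two tests on c reports a possible NULL dereference
     * on the next statement. The assert states the invariant; it is
     * compiled out when NDEBUG is defined, so analyze a debug build. */
    assert(ss);
    ss->placed = 1;
    return ss->length;
}

int main(void)
{
    printf("%d %d %d\n", handle_key('A'), handle_key('R'), handle_key('Z'));
    return 0;
}
```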