From: Tobias Heider
Subject: Re: how accurate or helpful is scan-build-16 in clang-16 in identifying bugs / issues in code at build time ?
To: Tom Smyth
Cc: OpenBSD Ports
Date: Mon, 26 Aug 2024 00:37:59 +0200

On Sun, Aug 25, 2024 at 11:11:14PM +0100, Tom Smyth wrote:
> Folks,
> I'm just wondering what other porters' experience of scan-build for the
> projects that you are maintaining?
>
> Has it been useful in identifying bugs?... or is the analysis engine too
> basic or shallow to properly analyse code?
>
> Are there particular types of bugs it is good at identifying without false
> positives?
> Are there particular types of bugs that it identifies that are probably a
> waste of time?
>
> Any advice on using scan-build-16 with ports would be appreciated...

In my experience it can be very helpful to find issues; the false positive
rate very much depends on the code though.
Running it should be as easy as calling `scan-build make` instead of just
make.
One big limitation is that it can only analyze within a single translation
unit, so it won't be smart enough to trace possible outputs across different
source files.

>
> Thanks
>
> Tom Smyth
>
> --
> Kindest regards,
> Tom Smyth.