Hi, Christian!
On Feb 07, Christian Convey wrote:
Okay, you can create an account for me. But it would be better if you could find which of those defects are real.
I'm perfectly content to follow the path which you consider to be the better one: me checking each individual issue reported. It will take a long time, but at least I'll learn a lot about the code.
Usually there's a pattern, and many false positives fall under it. Please create an account for me, and I'll see if we could quickly discard many false positives.
Some of the bugs that Coverity finds will only come up with very unusual paths through the code. Coverity now provides a very clear explanation of how such a path through the code could occur. When this happens, as a C++ programmer I find myself well-convinced that there's a bug. But, especially as a newbie, it could require many hours for me to create a test case which actually triggers that bug during execution. In such cases, what would be better: to report the bug once I'm personally convinced it's real, or to report it only after I've created a test case which reliably triggers the bug?
No, I didn't mean that you need to create a test case - only to look at what Coverity reports. Sometimes it might be very difficult to trigger a bug, for example, it may happen only if, say, malloc(10) in some specific place would return NULL.
Regards,
Sergei