-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
valueflow.cpp: issue a debug message about analysis of condition expressions being disabled #6025
Conversation
Part of valueflow was just disabled by default without providing any feedback about it. As this message will probably happen in any invocation of the tool this shows that this change is extremely questionable. Without this feedback it might also indicate that some issues were fixed which indeed they were not. So this is bound to wreck havoc in lots of ways. |
Discovered by assuming that https://trac.cppcheck.net/ticket/12125 and https://trac.cppcheck.net/ticket/10949 were fixed which indeed they were not. |
IMO Throwing random setting of the This similarly applies to the And with the |
This is my opinion about the exhaustive flag: The exhaustive option should be switched on by default. Only if there are performance issues, users can decide to set it down to normal, while they need to be informed on the impact with an informative message that valueflow ist partly active and there are potential false negatives as a conequence. This would improve usability and results for users that are using Cppcheck the first time. In addition, it reduces the risk that some important issues are not reportet right at the first scanning of a project. |
Disabling it by default also completely killed the |
I also think we should rename the check level And the current This just highlights that this isn't well thought through. We probably need to introduce a new option which is properly defined. We could also include a mode which does no ValueFlow at all and call that We should also expose all the tuning parameters for the individual levels via the |
Can you please let me know how they will learn about --check-level=normal when they have performance issues? Would we produce a information message in this situation? I saw the danger that users would run into problems and don't know how to do solve it. They could get the idea that we are too slow.. Performance is a topic that is quite frequently discussed with Cppcheck customers. If we can be significantly faster than competitors its a serious advantage. I don't have a strong opinion about which check level is default. |
This was added for the safety certification. It's not the intention that it will be shown for normal users. But yes if you always use If you find it pointless I am not against that it's only shown if |
Well I fear that such mode would have a drastic number of false negatives. If it really means "no valueflow at all" then we won't find any division by zero/null pointer dereference/etc at all. |
By reading the documentation
I don't mind either, as long as there's an option to switch between the different levels. The crucial aspect from the user's perspective is understanding what to anticipate when utilizing the '--check-level=normal' parameter. |
I fear that most users does not read the documentation much and will not learn about this solution to their problem then. My idea with "exhaustive" was that it can be more time consuming and more targeted to i.e. a CI job where speed is not critical. Many customers wants to integrate Cppcheck in their IDE and speed is important in that situation. |
The names are not written in stone we can change it. We introduced the names couple of months ago so anybody who started using our new flags already should be capable of changing their scripts again. Would "comprehensive" feel better than "exhaustive"? Analysis is not 100% complete in all cases. |
Sorry for the late reply but I wanted to finish up some of my other stuff before I dive into this but that didn't work out as well as I thought... I will write a more in-depth comment later. Leaving the user aside for now this might cause havoc for QA and development. With those messages being shown we have no idea that we are omitting things. So it might lead to more cases where it seems like something is fixed/broken but it actually isn't and you need to specify more options while doing things. We already see that with the broken data collection in daca and apparently fixed issues which triggered this. That increases the test matrix and will make things more complex and slower in turnaround times. We also would require multiple instances of daca so we actually collect all the warning data and all the performance data as we might regress in any area with any of those configurations. |
Restored in #6153. |
#6153 also revealed some things about the ValueFlow I was not (actively) aware of. We perform it for everything no matter if it is used or not. It seems if we might conditionally (and optionally) able to exclude some unused code from that it might yield a performance boost. I filed https://trac.cppcheck.net/ticket/12528 about that. |
We are treating certain errors as critical because they cause the analysis of subsequent code to stop. You could argue that any bailout is similar to that. Be it either the |
The reduced default check level might also cause misleading results in the tests. We should default at exhaustive in the object but only set the different default when parsing the command-line. |
We cannot release a version without at least having a message. I will adjust this PR later today so it will only show as debug for now and will file tickets about the additional points I raised. Overall I think we should not disable this by default but let's get the message in first. |
Addressed in #6225. |
…essions being disabled
…essions being disabled (#6025)
…essions being disabled (#6025)
No description provided.