From nobody Fri Sep 6 07:25:03 2024 X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X0SRr2sxcz5WD05 for ; Fri, 06 Sep 2024 07:25:12 +0000 (UTC) (envelope-from phk@critter.freebsd.dk) Received: from phk.freebsd.dk (phk.freebsd.dk [130.225.244.222]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4X0SRr0Jftz4MBr; Fri, 6 Sep 2024 07:25:11 +0000 (UTC) (envelope-from phk@critter.freebsd.dk) Authentication-Results: mx1.freebsd.org; none Received: from critter.freebsd.dk (unknown [192.168.55.3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by phk.freebsd.dk (Postfix) with ESMTPS id BA2E28928B; Fri, 06 Sep 2024 07:25:03 +0000 (UTC) Received: (from phk@localhost) by critter.freebsd.dk (8.18.1/8.16.1/Submit) id 4867P3ul040678; Fri, 6 Sep 2024 07:25:03 GMT (envelope-from phk) Message-Id: <202409060725.4867P3ul040678@critter.freebsd.dk> To: David Chisnall cc: Alan Somers , Dmitry Salychev , Jan Knepper , freebsd-hackers@freebsd.org Subject: Re: The Case for Rust (in any system) In-reply-to: <6FEF9D06-01DC-48DC-93D2-178F9726C1D3@freebsd.org> From: "Poul-Henning Kamp" References: <6FEF9D06-01DC-48DC-93D2-178F9726C1D3@freebsd.org> List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <40676.1725607503.1@critter.freebsd.dk> Content-Transfer-Encoding: quoted-printable Date: Fri, 06 Sep 2024 07:25:03 +0000 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:1835, ipnet:130.225.0.0/16, country:EU] X-Rspamd-Queue-Id: 4X0SRr0Jftz4MBr -------- David Chisnall writes: > On 5 Sep 2024, at 22:13, Alan Somers wrote: > > = > > I used to check it, years ago. But I gave up. The UI is too hard to > > use and false alarms are both too frequent and too hard to suppress. > > Plus, it's a real drag that I can't run the tool myself. Instead, I > > need to wait for the next scheduled run. > > In general, it's very hard to add static analysis to existing projects. Only in the sense that if you want it to provide value, you have to clean up both the code and the list of findings. I did spend some time on Coverity+FreeBSD back when we initially got access and I was sufficiently underwhelmed that I stopped. Coverity has gotten better since then, and it has found a few serious issues in Varnish Cache, but not much. We generally keep the Coverity list clean. One thing about all static analysis tools that you will soon discover if you use them seriously, is that they are all "opinionated" and if you disagree with their opinions, they become as tiresome as a drunk uncle. Coverity is not sober IMO. I will also note that almost all the blame for C's current status lies with the standardization efforts, which almost seem hell-bent on destroying the language rather than improving it. More and more stuff becomes "undefined" instead of taking a stand and laying down a sensible rule. Obvious improvements do not happen: After a quarter century of standardization, C still does not have a way to explicitly lay out a datastructure and specify it's endianess. I guess because C never interacts with hardware and protocols or something ? Why havn't C gotten a set of rudimentary classes ? Are they afraid Bjarne will stop sending them X-mas cards if they adopt a good idea ? How about type-safe enums ? Integer-ranges, a'la PASCAL and ADA would be a great way to tell the compilers what to look for, even if they are used for nothing else. But nope, can't have any of that. Poul-Henning PS: Recently I have not been able to use the Coverity U/I because of some disagreement between my Firefox and their webcode: ERROR TypeError: getColumnCssRules(...).left is undefined applyColumnWidths https://scan5.scan.coverity.com/main.55109ab457b762= b4.js:11 updateCanvasWidth https://scan5.scan.coverity.com/main.55109ab457b762= b4.js:11 updateRowCount https://scan5.scan.coverity.com/main.55109ab457b762b4.= js:11 resizeCanvas https://scan5.scan.coverity.com/main.55109ab457b762b4.js= :11 finishInitialization https://scan5.scan.coverity.com/main.55109ab457b= 762b4.js:11 initialization https://scan5.scan.coverity.com/main.55109ab457b762b4.= js:1 Has anybody seen this ? -- = Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe = Never attribute to malice what can adequately be explained by incompetence= .