CPP: Change some query severities#1192
Conversation
jbj
left a comment
There was a problem hiding this comment.
I agree with these changes. Both queries are good, but they're definitely recommendations.
I've thought sometimes about creating a query for Bug #6 in Curiously Recurring C++ Bugs at Facebook (an excellent talk, by the way), but that hasn't been necessary because the "Function declared in block" query has detected that bug. Now that we're downgrading this query, perhaps it's time to write a query for Bug #6 and give it high severity.
|
Good idea, I'll look into it. |
I understood issue #6 to be a variable declaration, not a function declaration. Can you give me an example where "Function declared in block" catches something serious? |
|
I wrote some test cases and found the |
|
I'd misremembered Bug #6. I thought it was a variant of this bug, which I thought was easier to trigger. I think a "local variable hides class member variable" query would be too noisy in practice. I wrote a less strict version of that for Java once to find methods that access a field without a qualifier when a local variable exists with the same name in that method. I think it has quite good results, but it's still very noisy: https://lgtm.com/query/1506250887340/. Anyway, that wouldn't detect Bug #6. It would be great if we could write a generalised "expression has no effect" query for Bug #6 because I think that's the most general form of the problem. The default constructor probably sets some field to |
I thought that might create a temporary mutex and lock it, but it seems to do nothing at all. Do you know why? I'm thinking the way forward is to write some tests for these cases, see which existing queries help, and discuss further. |
... oh, because it's a function declaration. Hence the use of |
Looking through the LGTM results for Linux, I found some warnings that feel like they should be recommendations.
(I also think that some of the results for suspicious-pointer-scaling and dead-code-goto may be dubious, so I'm looking into that next)