New Coverity Scan results available

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

New Coverity Scan results available

Jeffrey Walton-3
Hi Everyone,

New Coverity Scan results are available at http://scan.coverity.com/projects/cryptopp. The two scans performed today were Windows X86 and Windows X64. We usually perform against Linux, so Windows was used to add some variety.

We are mostly clear of findings. There are two findings against Microsoft's STL, and two findings for missing move/assignment operators. The GCC folks advise against writing a move/assignment operator. Instead, they recommend allowing the compiler to generate one. It appears Microsoft compilers are not generating one.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: New Coverity Scan results available

Jeffrey Walton-3

New Coverity Scan results are available at <a href="http://scan.coverity.com/projects/cryptopp" target="_blank" rel="nofollow" onmousedown="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fscan.coverity.com%2Fprojects%2Fcryptopp\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG2Vbl-FMLglXcHfnWHo0W1-odoKg&#39;;return true;" onclick="this.href=&#39;http://www.google.com/url?q\x3dhttp%3A%2F%2Fscan.coverity.com%2Fprojects%2Fcryptopp\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG2Vbl-FMLglXcHfnWHo0W1-odoKg&#39;;return true;">http://scan.coverity.com/projects/cryptopp. The two scans performed today were Windows X86 and Windows X64. We usually perform against Linux, so Windows was used to add some variety.

We are mostly clear of findings. There are two findings against Microsoft's STL, and two findings for missing move/assignment operators. The GCC folks advise against writing a move/assignment operator. Instead, they recommend allowing the compiler to generate one. It appears Microsoft compilers are not generating one.

I was able to investigate the move/assignment issue a little more.

According to Support For C++11/14/17 Features (https://msdn.microsoft.com/en-us/library/hh567368.aspx), Microsoft compilers automatically implement move semantics starting with Visual Studio 2015. They don't implement it in VS2010-VS2013, which falls into a low-grade compiler bug. The Coverity scans were performed using VS2012.

The Rule of 0 and the Rule of 3 kinda tell us we should not implement them, even if Microsoft is not generating them for us. The GCC devs have advised us to _not_ provide them (I had a sidebar with Jonathan Wakely about it last year).

I think we should probably ignore the finding. There's not much we can do about it since it needs to be fixed in the compiler. The other option is to change the interface for only VS2010-VS2013, but that does not seem like a good option to me.

Jeff

--
--
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to [hidden email].
More information about Crypto++ and this group is available at http://www.cryptopp.com.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.
Loading...