On Tue, 24 Aug 2021, Sven Schreiber wrote:
> Thanks, Hélio, this is potentially very useful. Artur came up with a
> similar (I think) automated analysis in the past, and a few code
> improvements resulted from that.
>
> OTOH, I'm sure that the true number of flaws and bugs is nowhere near
> the astronomical number reported there. I'd say the artificial
> intelligence there is not mature enough yet and the result needs more
> filtering. But I'm especially curious about the assessment of what they
> call potential security flaws.

I gave it a brief look. From a quick and non-systematic spot-check, it
would seem that many traditional C idioms are marked as potentially
dangerous, but from what I've seen we're OK.
-------------------------------------------------------
Riccardo (Jack) Lucchetti
Dipartimento di Scienze Economiche e Sociali (DiSES)
Università Politecnica delle Marche
(formerly known as Università di Ancona)
r.lucchetti(a)univpm.it
http://www2.econ.univpm.it/servizi/hpp/lucchetti
-------------------------------------------------------