Documentation Source Text

Check-in [f65ab3a743]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Updates to the static analysis section of the testing.html document.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: f65ab3a74329f48311b54a68131bd5ad98b28215
User & Date: drh 2012-07-17 12:20:19.993
Context
2012-08-07
00:38
Update the download page to separate WinRT binaries into a separate head and to add the VSIX download. (check-in: 1daba99c3e user: drh tags: trunk)
2012-07-17
12:20
Updates to the static analysis section of the testing.html document. (check-in: f65ab3a743 user: drh tags: trunk)
12:13
Fix the download page to use absolute rather than relative pathnames in order to work around a bug in the Google search engine. (check-in: 90cc4b660f user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to pages/testing.in. 
775
776
777
778
779
780
781
782

783
784
785
786


787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804

<h2>10.0 Static Analysis</h2>

<p>Static analysis means analyzing code at or before compile-time to
check for correctness.  Static analysis includes looking at compiler
warning messages and running the code through more in-depth
analysis engines such as the
[http://clang-analyzer.llvm.org/ | Clang Static Analyzer].
SQLite compiles without warnings on GCC using the -Wall and -Wextra flags.

And the Clang Static Analyzer finds nothing wrong with SQLite either.
VC++ often will generate a number of warnings from SQLite source code,
but the experience of SQLite developers is that VC++ warnings are of
lower quality and can be safely ignored.  Users are encouraged not


to stress over VC++ warnings.</p>

<p>Static analysis has not proven to be especially helpful in finding
bugs in SQLite.  Static analysis has found a few bugs in SQLite, but
those are the exceptions.  More bugs have been
introduced into SQLite while trying to get it to compile without 
warnings than have been found by static analysis.

<p>Our experience, then, is that static analysis is not especially helpful
to maintaining high code quality and it is therefore deemphasized
in SQLite development and maintenance.</p>

<tcl>hd_fragment summary</tcl>
<h2>11.0 Summary</h2>

<p>SQLite is open source.  This gives many people the idea that
it is not well tested as commercial software and is perhaps unreliable.
But that impression is false.  








|
>
|
|
<
|
>
>
|





|
<
<
<
<








775
776
777
778
779
780
781
782
783
784
785

786
787
788
789
790
791
792
793
794
795




796
797
798
799
800
801
802

<h2>10.0 Static Analysis</h2>

<p>Static analysis means analyzing code at or before compile-time to
check for correctness.  Static analysis includes looking at compiler
warning messages and running the code through more in-depth
analysis engines such as the
[http://clang-analyzer.llvm.org/ | Clang Static Analyzer].
SQLite compiles without warnings on GCC and Clang using 
the -Wall and -Wextra flags on Linux and Mac and on MSVC on Windows.
No warnings are generated by the Clang Static Analyzer tool "scan-build"
either.  Nevertheless, some warnings might be generated by other

static analyzers.  Users are encouraged not to stress over these
warnings and to instead take solace in the intense testing of SQLite
described above. 
</p>

<p>Static analysis has not proven to be especially helpful in finding
bugs in SQLite.  Static analysis has found a few bugs in SQLite, but
those are the exceptions.  More bugs have been
introduced into SQLite while trying to get it to compile without 
warnings than have been found by static analysis.</p>





<tcl>hd_fragment summary</tcl>
<h2>11.0 Summary</h2>

<p>SQLite is open source.  This gives many people the idea that
it is not well tested as commercial software and is perhaps unreliable.
But that impression is false.