Re: Report on Coverity

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 24 Oct 2012 15:28:08 +1300

On 22.10.2012 07:03, Kinkie wrote:
> Hi all,
> so far I have checked 134 defects uncovered by Coverity out of 334,
> I think I have seen enough to report some numbers.
> There are 49 false positives, and 24 intentional risky behaviors.
> 61 are bugs; but in most cases they are not real issues, just poor
> practice: things like undocumented assumptions on callers' handling
> of buffer sizes.
>
> I hope this is enough to help you understand whether Coverity is a
> good deal - triaging without fixing is a bit of a drag.
> The UI is nice but maybe due to me not sitting on the server it's not
> really as responsive as it could be.

I think we need to do one more thing along with this.

We are not utilizing all the compiler warnings we could be, which might
find a lot of these problems without involving any further static
analysis than the build farm already provides. For example, GCC offers
-Weffc++, which will catch the constructor/destructor problems in our
practice vs policy.

I'm doing a build of Squid with -Weffc++ -Wno-error=effc++ right now to
produce a report for you to compare with Coverity issues of that same
type.

Amos
Received on Wed Oct 24 2012 - 02:28:14 MDT
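As an added illustration of the -Weffc++ run Amos describes (this is example code, not Squid's own source), the file below puts the class patterns that GCC's -Weffc++ flags next to a version it accepts. The class names, the compile command and the sample sink are my own assumptions; the diagnostic wording quoted in the comments is what GCC prints for these Effective C++ items, though exact text varies between GCC versions. Compiling the "Before" section shows why the thread calls these "poor practice" rather than outright bugs: the code works as long as nobody copies the buffer or deletes through the base pointer, an assumption that lives only in the caller's head.

```cpp
// Added example (not Squid code): the class patterns -Weffc++ flags, beside
// a version it accepts. Compile with
//   g++ -std=c++11 -Wall -Weffc++ -Wno-error=effc++ -c effcpp_demo.cpp
// -Wno-error=effc++ keeps these diagnostics as warnings under -Werror.
#include <algorithm>
#include <cstddef>
#include <cstring>

// ---- "Before": what -Weffc++ reports (wording varies by GCC version) -----
//  * 'LegacySink' has virtual functions and accessible non-virtual destructor
//  * 'RawBuf::data_' / 'RawBuf::len_' should be initialized in the member
//    initialization list
//  * 'class RawBuf' has pointer data members but does not override
//    'RawBuf(const RawBuf&)' or 'operator=(const RawBuf&)'
struct LegacySink {
    virtual void write(const char *, size_t) {}
    // No virtual destructor: deleting a derived object through a LegacySink*
    // is undefined behaviour, and the derived destructor never runs.
};

class RawBuf {
public:
    RawBuf(size_t n) { len_ = n; data_ = new char[n]; }  // assigned in the body
    ~RawBuf() { delete[] data_; }
    size_t len() const { return len_; }
    // The compiler-generated copy would duplicate data_, so two objects would
    // delete[] the same block: the undocumented assumption is "never copy me".
private:
    char *data_;
    size_t len_;
};

// ---- "After": the same functionality, clean under -Weffc++ ----------------
class Sink {
public:
    virtual ~Sink() {}                               // Item 14: virtual dtor
    virtual size_t write(const char *src, size_t n) = 0;
};

class CountingSink : public Sink {
public:
    CountingSink() : Sink(), total_(0) {}
    size_t write(const char *, size_t n) { total_ += n; return n; }
    size_t total() const { return total_; }
private:
    size_t total_;
};

class SafeBuf {
public:
    explicit SafeBuf(size_t n) : data_(new char[n]()), len_(n) {}  // Item 12
    SafeBuf(const SafeBuf &o) : data_(new char[o.len_]), len_(o.len_) {
        std::memcpy(data_, o.data_, len_);           // Item 11: deep copy
    }
    SafeBuf &operator=(const SafeBuf &o) {
        if (this != &o) {
            char *fresh = new char[o.len_];
            std::memcpy(fresh, o.data_, o.len_);
            delete[] data_;
            data_ = fresh;
            len_ = o.len_;
        }
        return *this;                                // Item 15: return *this
    }
    ~SafeBuf() { delete[] data_; }
    size_t len() const { return len_; }
    const char *data() const { return data_; }
    // Bounded store: the size check lives in the class, not with the caller.
    size_t put(const char *src, size_t n) {
        size_t k = std::min(n, len_);
        std::memcpy(data_, src, k);
        return k;
    }
private:
    char *data_;
    size_t len_;
};

// Stores up to `cap` bytes of `src` and forwards what was stored to `sink`;
// returns the byte count the sink accepted.
size_t relay(const char *src, size_t n, size_t cap, Sink &sink) {
    SafeBuf buf(cap);
    size_t stored = buf.put(src, n);
    return sink.write(buf.data(), stored);
}
```

Only the "Before" half produces -Weffc++ output; the "After" half compiles silently with the same flags, which is the comparison the thread is after: the warning count of a build with -Weffc++ gives a cheap upper bound on the constructor/destructor findings Coverity would report for the same code.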