Re: Report on Coverity

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 24 Oct 2012 23:05:06 -0600

On 10/24/2012 06:07 PM, Amos Jeffries wrote:

> If we were to take up this scanning I think it would be more beneficial
> to run periodically and check for new bugs rather than constantly. Once
> per year (~100K lines of code change each year) or after any large logic
> changes should be sufficient to check for new issues.

I was told Coverity is pretty good at isolating new defects from the old
ones. We have not tested those features yet, but if true, the tests
should be integrated with Jenkins and new issues reported as they
surface IMO, just like we do with build issues.

With proper configuration, there should not be too much noise. We might
even demand cleaner code during review because we would know that the
scan will complain about known problems :-).

Why wait a few months for a crash bug report from an upset admin if
static analysis can discover the problem shortly after commit?

Cheers,

Alex.
Received on Thu Oct 25 2012 - 05:05:17 MDT
