This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Coverity Scan


On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>On Apr 25 06:33, David Stacey wrote:
>> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>> they offer it to Open Source programmes for free. I was having a browse
>> through the list of Open Source programmes using Coverity Scan, and
>> noticed that Cygwin wasn't listed. Would there be any interest in
>> analysing the cygwin1.dll source code on a fairly regular basis? If so,
>> I would be happy to have a go at setting up an analysis job for Cygwin.
>> 
>> I would imagine this would be of interest to CGF, Corinna and anyone
>> else who regularly updates the Cygwin source code. Obviously, this is
>> only worth doing if the analysis results are looked at and acted upon.
>
>Depends.  If the report contains lots of false positives, it's getting
>annoying pretty quickly.

We use coverity at work.  It is annoying and it does have false positive
but a lot of what look like false positives often turn out to be:  "Oh,
wait.  (#*(&$  Yeah.  That's a problem."

If we could use coverity I'm sure it would be interesting if we can get
it.

cgf

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]