This is the mail archive of the cygwin mailing list for the Cygwin project.
Re: Coverity Scan
- From: Christopher Faylor <cgf-use-the-mailinglist-please at cygwin dot com>
- To: cygwin at cygwin dot com
- Date: Fri, 25 Apr 2014 11:53:24 -0400
- Subject: Re: Coverity Scan
- Authentication-results: sourceware.org; auth=none
- References: <5359F391 dot 8060309 at tiscali dot co dot uk> <20140425083500 dot GA5666 at calimero dot vinschen dot de>
- Reply-to: cygwin at cygwin dot com
On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>On Apr 25 06:33, David Stacey wrote:
>> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>> they offer it to Open Source programmes for free. I was having a browse
>> through the list of Open Source programmes using Coverity Scan, and
>> noticed that Cygwin wasn't listed. Would there be any interest in
>> analysing the cygwin1.dll source code on a fairly regular basis? If so,
>> I would be happy to have a go at setting up an analysis job for Cygwin.
>>
>> I would imagine this would be of interest to CGF, Corinna and anyone
>> else who regularly updates the Cygwin source code. Obviously, this is
>> only worth doing if the analysis results are looked at and acted upon.
>
>Depends. If the report contains lots of false positives, it's getting
>annoying pretty quickly.

We use Coverity at work. It is annoying and it does have false positives
but a lot of what look like false positives often turn out to be: "Oh,
wait. (#*(&$ Yeah. That's a problem."

If we could use Coverity I'm sure it would be interesting if we can get
it.

cgf