On 24/09/2015 23:29, Ehsan Akhgari wrote:
> On 2015-09-24 1:41 PM, Sylvestre Ledru wrote:
>> = Static analyzers =
>> For now, we are running:
>> * Coverity, a proprietary tool with a great (but slow) web interface. As
>> Firefox is Free software, the service is provided for free
>> but with a restriction in terms of the number of builds. Now, the analysis is
>> launched once a week on Monday. Supports C, C++ & Java.
>> A few improvements will be made to silence some of the defects.
>
> Does anybody look at these regularly?

I am looking at the weekly reports. I am reporting the issues I can confirm.
However, to be honest, I am not technically able to analyze every one of them.
I am also tagging false positives to keep a clean database.
FYI, at some point, we might have someone to help on this full time.

> I would be interested to know if they produce high quality results these
> days. My past experience with Coverity has been that it's full of false
> positives.

Several answers:
* I think the results are still pretty much the same
* false positives can be silenced. This is work to be done either in our code (you reviewed some of my patches for this in the past) or in Coverity
* some checkers have a small false positive ratio, some others a higher one.

>
>> * scan-build (aka clang-analyzer), a static analyzer integrated into
>> Clang. This tool is executed every day. Supports C & C++.
>> The main issue with scan-build is that there is no history management and
>> it is not really possible to ignore false positives.
>> Ericsson started to work on a new (Python) tool based on clang-analyzer
>> called Code Checker - https://github.com/Ericsson/codechecker
>> to address that.
>
> FWIW I am planning to stand this up for us at some point (hopefully soon.)
>

Could you share some details? I am in the process of deploying Code Checker.

>> == Infer ==
>>
>> Firefox (just C code):
>> https://people.mozilla.org/~sledru/reports/firefox-infer/bugs.txt
>>
>> Fennec (Java code):
>> https://people.mozilla.org/~sledru/reports/fennec-infer/bugs.txt
>
> Neat! I did not know about this one. Has anyone looked at the results?

This bug https://bugzilla.mozilla.org/show_bug.cgi?id=1175203 has been reported, but there has been no activity.

Sylvestre