On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan) wrote: > Op 30-07-2014 om 09:49, schreef Tavmjong Bah <tavmj...@free.fr>: > > On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote: > > On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote: > > Hi all, > Is this something we want to sign up to? > https://continuousassurance.org/ > > After a quick browse around their website, they seem to offer a > platform > that runs static analysis tools. We can run them ourselves (and > have > done so not so long ago), but it is nice to have a website do it > for all > of us. (unfortunately, not many of us compile with clang; I gave > up > the > fight on Windows a while back, and will have to try again later) > > > Perhaps you could drop them a line and see if they have special offers > for open source / non-profit projects like us? Coverity has done this > for various projects. > > In any case, before forming an opinion on this I'd want to know the > ballpark cost, and what the results/output looks like. > > > I just looked, it's free. > > > Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it sounds like a regular development activity, so no board decision needs to be made. Personally I think static analysis tools are great and should be used. You might float your proposal on inkscape-devel@ to get wider buy in though. > I pretty strongly believe we should move towards heavy use of these tools, and > requiring clean builds from any branch work etc. before it is merged. We've > had > many bugs that would have been easily resolved by these tools. Last time I ran > clang I got a ton of potential bugs with very few false positives. The list > included links to source and traces through source, some with 40+ decision > steps along the way. > > I've signed myself up and will sign Inkscape up as a project. Let's see how it > works out. Sounds good. Let's continue discussion about it on inkscape-devel@. > Meanwhile, if you have access to clang: have a look. GCC has improved a lot > too > (perhaps because of clang). clang's scanbuild is amazing. clang's > address-sanatizer is *amazing* (from what I've seen in talks), but I have not > tested it myself. Perhaps an item for the roadmap would be to set up a consistent set of static (and non-static) testing tools (perhaps invokable from make), which could be run from a centralized location. (Again though... another topic for inkscape-devel@ discussion.) Thanks, Bryce ------------------------------------------------------------------------------ Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future. http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk _______________________________________________ Inkscape-board mailing list Inkscape-board@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-board