--- Dan Scott <[EMAIL PROTECTED]> wrote:

> I was pondering a few possibilities for helping to tighten up our code
> in a more automated fashion today. I thought I would throw the ideas
> out there to see if there's interest or support for them...
<snip: info about code-scanning tools>

Mod parent up.

I have stumbled across various problems (security vulnerabilities, memory leaks, etc.) in the course of doing other things, but I haven't been looking for them systematically. I've probably overlooked more than I've found, even if you don't count the code that I haven't looked at yet. No doubt the automated tools can find more stuff faster. It's the difference between working with a pick and shovel and working with a backhoe.

Don't forget good old lint. I haven't used it yet on this project because I've been finding enough to keep me busy with the pick-and-shovel approach. However, my experience is that lint usually finds at least a few forehead-slappers.

My one reservation is about the idea of posting the results on the web. The point is not that I don't want to air our dirty linens in public -- it's all open source, after all -- but I wouldn't want to erect needless barriers to the code scans. If it takes ten minutes to run the scans, and three hours to update the website, then we probably won't run the scans as often as we should. I'd rather have more scans than prettier web pages.

Hence I suggest that any publication of the scan results involve minimal work, because the reporting is rudimentary, automated, or both. I note that Coverity's website already publishes defect counts on the projects it covers.

Scott McKellar
http://home.swbell.net/mck9/ct/