On 12 February 2015 at 00:18, Jürgen E. <[email protected]> wrote:
> Hi Hugo,
>
> On Wed, 11. Feb 2015 at 14:04:56 +0100, Hugo Mercier wrote:
>> I am curious about Coverity. AFAIK, the static analyzer is not open source,
>> right? So this works as long as they offer it freely for open source
>> projects.
>
> Right. It's proprietary. And IMHO it's also a heavy dependency (IIRC the
> download of the tool needed to collect the build logs was 150MB).
>
>> What would be very good is to call static analyzers during the build/testing
>> process (as an option). Does somebody have experience with such things? Clang
>> static analyzer?
>
> We have used cppcheck - but not integrated into the build process.
> There are also some good options for gcc (e.g. -Weffc++).

I also don't see the non-open source nature of this tool as an issue. I think with things like this the more analysers we can throw at the code the better. So cppcheck, scan-build etc should all be used in parallel to Coverity.

Coverity has the positive that it's seen as a highly respected, industry-leading tool. So being able to show that it reports our code as clean (or nearly clean) is a strong argument to QGIS' code quality.

One thing I forgot to mention initially: if anyone's working on addressing/checking issues on Coverity, please make sure to use the triage status tools and flag issues as Fix Submitted/False Positive so that we don't duplicate effort.

Nyall

_______________________________________________
Qgis-developer mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/qgis-developer
