My preference would simply be to improve the Clang static analyser - it's free,
open source, etc.
I periodically run that analyzer on JSC, but apparently their ToT code has many
improvements over stable.
--Oliver
On Sep 17, 2012, at 9:20 PM, Brent Fulgham wrote:
> Hi Gang,
>
> On Sep 17, 201
Hi Gang,
On Sep 17, 2012, at 4:11 PM, James Hawkins wrote:
> TL;DR - If you have opinions one way or another about having a Coverity
> instance available for WebKit developers, please respond to this message.
I have used Coverity at on a couple of occasions, without modifying source code
to h
Annotations to spoonfeed a static analysis would make me profoundly unhappy.
-Filip
On Sep 17, 2012, at 8:13 PM, Hajime Morrita wrote:
> On Tue, Sep 18, 2012 at 8:46 AM, Eric Seidel wrote:
>> On Mon, Sep 17, 2012 at 6:35 PM, Benjamin Poulain
>> wrote:
>> > On Mon, Sep 17, 2012 at 4:11 PM, J
On Sep 17, 2012, at 8:13 PM, Hajime Morrita wrote:
>
> And/Or are we going to allow inline annotations?
> The practice Coverity suggested is to adding such annotations.
> http://scan.coverity.com/best-practice.html
>
> I personally think it's worth having inline annotations because it can also
On Tue, Sep 18, 2012 at 8:46 AM, Eric Seidel wrote:
> On Mon, Sep 17, 2012 at 6:35 PM, Benjamin Poulain
> wrote:
> > On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins
> > wrote:
> >>
> >> A few details:
> >> * Google will front the cost of the license (non-zero...very far from
> >> zero) and the i
On Tue, Sep 18, 2012 at 8:11 AM, James Hawkins wrote:
> Hey folks,
>
> TL;DR - If you have opinions one way or another about having a Coverity
> instance available for WebKit developers, please respond to this message.
I don't have an opinion, but:
> Coverity is a static analysis tool [1] which
I approve.
Regardless of opinions of how good Coverity is at catching real bugs (I have
doubts), we already have changesets based on its advice. That ship has already
sailed. So, it would be great if the tool was more broadly available if only so
that others could see how it works.
-Filip
O
On Mon, Sep 17, 2012 at 6:35 PM, Benjamin Poulain wrote:
> On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins
> wrote:
>>
>> A few details:
>> * Google will front the cost of the license (non-zero...very far from
>> zero) and the infrastructure.
>> * I'd leave it up to the WebKit leadership to decide
I like having static analysis results available - that seems useful.
I think static analysis tools are more useful when we can set a blanket policy
of fixing all warnings they report. For example, our warning levels combined
with -Werror are a very strong tool in this regard, despite the limite
On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins wrote:
>
> A few details:
> * Google will front the cost of the license (non-zero...very far from
> zero) and the infrastructure.
> * I'd leave it up to the WebKit leadership to decide who has access (most
> likely limited to WebKit committers for sec
I wish to subscribe to this product and or service. Count me in.
I'm not particularly worried about who has access. But maybe I should
be? Its not like the bad-guys can't run coverity themselves.
On Mon, Sep 17, 2012 at 6:11 PM, James Hawkins wrote:
> Hey folks,
>
> TL;DR - If you have opinio
On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins wrote:
>
> I'd like to propose adding a Coverity instance for the WebKit community,
> but I want to make sure there's general support before writing up the
> detailed proposal.
>
> A few details:
> * Google will front the cost of the license (non-zero
12 matches
Mail list logo
