Am 08.04.2013 14:13, schrieb James Hunt: > As a precis of my earlier blog post [1], I'd like to encourage those involved > with a C, C++ or Java project in Ubuntu to take a look at the Coverity Scan > static-analysis service offered free to OSS projects [2]. > > We're already using it for critical packages including Upstart and Whoopsie > [3], > but it would be great to expand its scope to make it use the norm rather than > the exception.
Did it catch the wrong use of the malloc attribute in upstart? ;) > For those who have either never used static analysis tools, or have simply > never > used Coverity, don't fall into the trap of thinking that "gcc -pedantic -Wall" > should be good enough for anyone - it simply is not. I don't know where you did get this from ... Anyway, not using -Wextra leaves out more things. while not static analysis tools, you might want to look at -fsanitize=address and -fsanitize=thread in GCC 4.8 (available in the ubuntu-toolchain-r/test PPA). There's also clang --analyze, scan-view and scan-build in the clang package as a static analyzer. And all of these are free software. Matthias -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
