On 08/04/13 13:57, Matthias Klose wrote: > Am 08.04.2013 14:13, schrieb James Hunt: >> As a precis of my earlier blog post [1], I'd like to encourage those involved >> with a C, C++ or Java project in Ubuntu to take a look at the Coverity Scan >> static-analysis service offered free to OSS projects [2]. >> >> We're already using it for critical packages including Upstart and Whoopsie >> [3], >> but it would be great to expand its scope to make it use the norm rather than >> the exception. > > Did it catch the wrong use of the malloc attribute in upstart? ;) I don't know - we were using it in anger then and I've now fixed that gcc function attribute issue :)
> >> For those who have either never used static analysis tools, or have simply >> never >> used Coverity, don't fall into the trap of thinking that "gcc -pedantic >> -Wall" >> should be good enough for anyone - it simply is not. > > I don't know where you did get this from ... Anyway, not using -Wextra leaves > out more things. > > while not static analysis tools, you might want to look at -fsanitize=address > and -fsanitize=thread in GCC 4.8 (available in the ubuntu-toolchain-r/test > PPA). Will do, thanks. > > There's also clang --analyze, scan-view and scan-build in the clang package > as a > static analyzer. Yes, I have used and continue to use these tools. However, from my experiences, they are not as thorough as Coverity for the codebases I'm regularly looking at. > > And all of these are free software. Back in the day, splint [1] rocked on static analysis but the project appears to have languished - it doesn't even appear to handle C99. YMMV but IMHO, Coverity Scan is the most thorough static-analysis tool available to OSS developers today that I've seen. Maybe if splint were to be revived my opinion may change... ;) > > Matthias > > Kind regards, James. [1] - http://splint.sourceforge.net/ -- James Hunt ____________________________________ #upstart on freenode http://upstart.ubuntu.com/cookbook https://lists.ubuntu.com/mailman/listinfo/upstart-devel -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
