On 08/04/13 14:40, James Hunt wrote:
> On 08/04/13 13:57, Matthias Klose wrote:
>> On 08.04.2013 14:13, James Hunt wrote:
>>> As a precis of my earlier blog post [1], I'd like to encourage those involved
>>> with a C, C++ or Java project in Ubuntu to take a look at the Coverity Scan
>>> static-analysis service offered free to OSS projects [2].
>>>
>>> We're already using it for critical packages including Upstart and Whoopsie [3],
>>> but it would be great to expand its scope to make it use the norm rather than
>>> the exception.
>>
>> Did it catch the wrong use of the malloc attribute in upstart? ;)
> I don't know - we were using it in anger then and I've now fixed that gcc
> function attribute issue :)
>
>>
>>> For those who have either never used static analysis tools, or have simply never
>>> used Coverity, don't fall into the trap of thinking that "gcc -pedantic -Wall"
>>> should be good enough for anyone - it simply is not.
>>
>> I don't know where you did get this from ... Anyway, not using -Wextra leaves
>> out more things.
>>
>> while not static analysis tools, you might want to look at -fsanitize=address
>> and -fsanitize=thread in GCC 4.8 (available in the ubuntu-toolchain-r/test PPA).
> Will do, thanks.
>
>>
>> There's also clang --analyze, scan-view and scan-build in the clang package as a
>> static analyzer.
> Yes, I have used and continue to use these tools. However, from my experiences,
> they are not as thorough as Coverity for the codebases I'm regularly looking at.
>
>>
>> And all of these are free software.
> Back in the day, splint [1] rocked on static analysis but the project appears to
> have languished - it doesn't even appear to handle C99. YMMV but IMHO, Coverity
> Scan is the most thorough static-analysis tool available to OSS developers today
> that I've seen. Maybe if splint were to be revived my opinion may change... ;)

smatch [1] is quite a useful tool too, it has helped me find a variety of bugs in applications I've written, however, I'd rather use Coverity if we had access to it.

[1] http://smatch.sourceforge.net/

>
>>
>> Matthias
>>
>>
>
> Kind regards,
>
> James.
>
> [1] - http://splint.sourceforge.net/
> --
> James Hunt
> ____________________________________
> #upstart on freenode
> http://upstart.ubuntu.com/cookbook
> https://lists.ubuntu.com/mailman/listinfo/upstart-devel
>
--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
