Coverity Scan
Christopher Faylor
cgf-use-the-mailinglist-please@cygwin.com
Fri Apr 25 15:53:00 GMT 2014
On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>On Apr 25 06:33, David Stacey wrote:
>> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>> they offer it to Open Source programmes for free. I was having a browse
>> through the list of Open Source programmes using Coverity Scan, and
>> noticed that Cygwin wasn't listed. Would there be any interest in
>> analysing the cygwin1.dll source code on a fairly regular basis? If so,
>> I would be happy to have a go at setting up an analysis job for Cygwin.
>>
>> I would imagine this would be of interest to CGF, Corinna and anyone
>> else who regularly updates the Cygwin source code. Obviously, this is
>> only worth doing if the analysis results are looked at and acted upon.
>
>Depends. If the report contains lots of false positives, it's getting
>annoying pretty quickly.
We use coverity at work. It is annoying and it does have false positive
but a lot of what look like false positives often turn out to be: "Oh,
wait. (#*(&$ Yeah. That's a problem."
If we could use coverity I'm sure it would be interesting if we can get
it.
cgf
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list