2012/1/19 David Tardon <dtardon@redhat.com>:
> Red Hat has been running Coverity internally on all RHEL/Fedora rpms for
> ~6 months now and a tool has been developed to simplify that for our
> developers (i.e., send a source rpm, wait for results :-) The good news
> is we are allowed to share the results. The not so good news is we only
> have results for 3.4.3 (because we did not package anything newer at the
> time of the last run) and the Coverity tool seems to have problems with
> C++11 stuff in libstdc++'s headers, so more recent runs are failing.
> When time permits (i.e., after 3.5.0 is out :-), I am going to think of
> a way to do semiautomatic runs for master (let's say once a week) and
> publish the results somewhere (probably split by category, to allow
> more people to fix things without clashing with each other). Also create
> an easy hack for it (or, better, one for each category?)

Sounds great.

> Note that the level of false positives is very high: the first run we
> did found more than 3500 defects and my guesstimate is that more than 80 %
> of them were false positives (I went through several categories--about
> 500 defects in total--and fixed what I could, but I did not count :-)

How to prevent false positives? Could these be turned into easy hacks?
They claim they're better than others on this.
http://www.verifysoft.com/en_coverity_products_difference.html
regards,
--
Luc Castermans
mailto:luc.castermans@gmail.com