On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote: >On Apr 25 06:33, David Stacey wrote: >> Coverity Scan [1] is a commercial (paid for) static analysis tool, but >> they offer it to Open Source programmes for free. I was having a browse >> through the list of Open Source programmes using Coverity Scan, and >> noticed that Cygwin wasn't listed. Would there be any interest in >> analysing the cygwin1.dll source code on a fairly regular basis? If so, >> I would be happy to have a go at setting up an analysis job for Cygwin. >> >> I would imagine this would be of interest to CGF, Corinna and anyone >> else who regularly updates the Cygwin source code. Obviously, this is >> only worth doing if the analysis results are looked at and acted upon. > >Depends. If the report contains lots of false positives, it's getting >annoying pretty quickly.
We use coverity at work. It is annoying and it does have false positive but a lot of what look like false positives often turn out to be: "Oh, wait. (#*(&$ Yeah. That's a problem." If we could use coverity I'm sure it would be interesting if we can get it. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
