> -----Original Message-----
> From: Thomas Monjalon <tho...@monjalon.net>
> Sent: Wednesday, June 8, 2022 9:23 AM
> To: Stephen Hemminger <step...@networkplumber.org>
> Cc: dev@dpdk.org; Mcnamara, John <john.mcnam...@intel.com>;
> david.march...@redhat.com
> Subject: Re: Lgtm scan of DPDK
>
> 28/05/2022 01:12, Stephen Hemminger:
> > I just discovered that there is another tool similar to Coverity for scanning.
> > It gives different results, and might be useful.
> > The scans of github open source projects are already done.
> >
> > See: https://lgtm.com/projects/g/DPDK/dpdk
> >
> > Shows 19 errors, 263 warnings and 111 recommendations.
> >
> > Of course, some of these are bogus. For example, tool thinks our scripts are Python 2.
>
> The problem is that we already invest some time in Coverity triage to mark false positives.
> Can you check whether this tool has some false positives?

We looked at this tool a few years ago. Some of the good points were:

* It is automatic and runs independently
* It did find some genuine issues
* Issues have the commit ID associated with them so you could assign them to

One of the main disadvantages was:

* False positives can only be marked with a comment in the code

Nevertheless it is probably worth folks evaluating the issues in their own areas of code and in particular any of the Errors.

John