Kyle McDonald wrote:
> I don't know for sure, but Coverity's competitor KlocWork
> (www.klocwork.com) probably also does Opensource scans, and might be
> willing to scan a project that Coverity had rejected. Personally I
> prefer KlocWork, but really any static analysis is better than none.

Well, some is already done via lint.  Another project I saw at OSCON
is Mozilla's static analysis tools, which they've implemented as gcc
plugins (written in JavaScript of course, since they're Mozilla) - it
doesn't have the interprocedural analysis of the more mature checkers
like Coverity & lint, but does allow adding checks specific to your
code base.

For instance, while I know Coverity, and I'm sure others of these,
find resource leaks in which malloc is called without a free, or
open without a close, I don't know if any know that XCreatePixmap
may only return an int to the X client, but it's caused memory
allocation to happen on the server and XFreePixmap is needed to
avoid leaks there.

http://developer.mozilla.org/en/docs/Treehydra has more info - I haven't
yet found out if it builds easily on OpenSolaris or how much it would
take to try building some of our code bases with it.

-- 
        -Alan Coopersmith-           [EMAIL PROTECTED]
         Sun Microsystems, Inc. - X Window System Engineering

_______________________________________________
opensolaris-code mailing list
opensolaris-code@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
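
The code-base-specific check described in the message above, sketched as an added example (not part of the original message, and not Treehydra code or its API): a flow-insensitive text scan over C source that pairs XCreatePixmap with XFreePixmap. The function names, the pair table and the sample C input are constructed for illustration.

```javascript
// Acquire/release pairs: the first is from the message, XCreateGC/XFreeGC is added here.
const PAIRS = { XCreatePixmap: "XFreePixmap", XCreateGC: "XFreeGC" };
// Constructed sample input: one helper leaks a server-side pixmap, one hands it to its caller.
const SAMPLE = `
static void draw_badge(Display *dpy, Window w) {
    Pixmap pm = XCreatePixmap(dpy, w, 16, 16, 24);
    GC gc = XCreateGC(dpy, pm, 0, NULL);
    XFillRectangle(dpy, pm, gc, 0, 0, 16, 16);
    XFreeGC(dpy, gc);
}

static Pixmap make_icon(Display *dpy, Window w) {
    Pixmap pm = XCreatePixmap(dpy, w, 16, 16, 24);
    return pm;
}
`;

// Split C source into top-level functions by brace matching (assumes no braces in strings or comments).
function functions(src) {
  const out = [], head = /\b([A-Za-z_]\w*)\s*\([^;{}]*\)\s*\{/g;
  for (let m; (m = head.exec(src)) !== null; ) {
    let depth = 1, i = head.lastIndex;
    for (; i < src.length && depth > 0; i++) {
      if (src[i] === "{") depth++;
      else if (src[i] === "}") depth--;
    }
    out.push({ name: m[1], body: src.slice(head.lastIndex, i - 1) });
    head.lastIndex = i; // resume after the closing brace so nested blocks are skipped
  }
  return out;
}

// Flag a variable assigned from an acquire call unless the function releases, returns or stores it.
function findLeaks(src) {
  const findings = [];
  for (const fn of functions(src)) {
    for (const [acquire, release] of Object.entries(PAIRS)) {
      const assign = new RegExp(`\\b(\\w+)\\s*=\\s*${acquire}\\s*\\(`, "g");
      for (const [, v] of fn.body.matchAll(assign)) {
        const freed = new RegExp(`\\b${release}\\s*\\([^;]*\\b${v}\\b`).test(fn.body);
        const escapes = new RegExp(`\\breturn\\s+${v}\\s*;|[>.]\\s*\\w+\\s*=\\s*${v}\\s*;`).test(fn.body);
        if (!freed && !escapes) findings.push({ function: fn.name, variable: v, missing: release });
      }
    }
  }
  return findings;
}

console.log(JSON.stringify(findLeaks(SAMPLE)));
```

Because the scan ignores control flow, it will not catch a pixmap that is freed on the normal path but leaked on an early return; that case needs the control-flow information a compiler plugin has access to.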
