[Ksummit-discuss] coverity, static checking etc.

Wolfram Sang wsa at the-dreams.de
Sun May 11 11:10:34 UTC 2014


> Last year I had been doing the coverity scans on an almost daily basis
> for 2-3 months.  Now that we're a year in, I'd like to share some
> results, and show some of the more common trends and bug patterns that
> seem to pop up.
> 
> [ spoiler: For the most part, it's all pretty positive, but we still suck ]
> 
> It would also be good to have some more discussion about other tools
> we could be making more use of.  (Nomination: Dan Carpenter for smatch).

I'm definitely interested.

In my workflow, I use sparse/smatch/coccicheck/cppcheck before applying
my own work, or patches to the i2c branches. (Oh, and rats and flawfinder,
too, but so far, they didn't point to something worthwhile.)

I am interested in workflows and experiences from other people, how
usage of static analyzers could be spread (gcc inclusion sounds great),
how to make them more robust, etc... And by doing that, get a better
feeling when an issue left the scope of static code checking and needs
some proper handling.

Thanks,

   Wolfram
