<div dir="ltr"><div><span style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px">> I am curious about Coverity. AFAIK, the static analyzer is not open source,</span><br style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px"><span style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px">> right ? So this works as long as they offer if freely for open source</span><br style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px"><span style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px">> projects.</span><br style="color:rgb(153,153,153);font-size:13.1999998092651px;line-height:19.7999992370605px"></div><div><br></div>>> <span style="font-size:13.1999998092651px;line-height:19.7999992370605px">Right. It's propietary. And IMHO it's also a heavy depencency</span><div><br>Not sure I find that to be much of a issue. Use what ever works, it seems to be free for us at the moment and is improving our code a lot, if there is a open version that works as well that is fine but it's definitely not something that I personally worry about. I also wouldn't really call it a dependency when we are not forced or forcing anyone else to use it.</div><div><br></div><div>- Nathan</div></div><br><div class="gmail_quote">On Wed Feb 11 2015 at 11:19:09 PM Jürgen E. <<a href="mailto:jef@norbit.de">jef@norbit.de</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Hugo,<br>
<br>
On Wed, 11. Feb 2015 at 14:04:56 +0100, Hugo Mercier wrote:<br>
> I am curious about Coverity. AFAIK, the static analyzer is not open source,<br>
> right ? So this works as long as they offer if freely for open source<br>
> projects.<br>
<br>
Right. It's propietary. And IMHO it's also a heavy depencency (IIRC the<br>
download of the tool needed to collect the build logs was 150MB).<br>
<br>
> What would be very good is to call static analyzers during the build/testing<br>
> process (as an option). Has somebody experiences with such things ? CLang<br>
> static analyzer ?<br>
<br>
We have used cppcheck - but not integrated into the build process.<br>
There are also some good options for gcc (eg. -Weffc++).<br>
<br>
I didn't know clang's scan-build[1] before Even Rouault mentioned it on #qgis.<br>
Maybe we could use that with travis. But it's not packaged in ubuntu and<br>
apparently you have to build clang to get it.<br>
<br>
<br>
Jürgen<br>
<br>
[1] <a href="http://clang-analyzer.llvm.org/" target="_blank">http://clang-analyzer.llvm.<u></u>org/</a><br>
<br>
<br>
--<br>
Jürgen E. Fischer norBIT GmbH Tel. +49-4931-918175-31<br>
Dipl.-Inf. (FH) Rheinstraße 13 Fax. +49-4931-918175-50<br>
Software Engineer D-26506 Norden <a href="http://www.norbit.de" target="_blank">http://www.norbit.de</a><br>
QGIS release manager (PSC) Germany IRC: jef on FreeNode<br>
______________________________<u></u>_________________<br>
Qgis-developer mailing list<br>
<a href="mailto:Qgis-developer@lists.osgeo.org" target="_blank">Qgis-developer@lists.osgeo.org</a><br>
<a href="http://lists.osgeo.org/mailman/listinfo/qgis-developer" target="_blank">http://lists.osgeo.org/<u></u>mailman/listinfo/qgis-<u></u>developer</a></blockquote></div>