[Qgis-developer] QGIS and Coverity scans

Nyall Dawson nyall.dawson at gmail.com
Wed Feb 11 14:03:42 PST 2015


On 12 February 2015 at 00:18, Jürgen E. <jef at norbit.de> wrote:
> Hi Hugo,
>
> On Wed, 11. Feb 2015 at 14:04:56 +0100, Hugo Mercier wrote:
>> I am curious about Coverity. AFAIK, the static analyzer is not open source,
>> right ? So this works as long as they offer it freely for open source
>> projects.
>
> Right.  It's proprietary.  And IMHO it's also a heavy dependency (IIRC the
> download of the tool needed to collect the build logs was 150MB).
>
>> What would be very good is to call static analyzers during the build/testing
>> process (as an option). Has somebody experiences with such things ? Clang
>> static analyzer ?
>
> We have used cppcheck - but not integrated into the build process.
> There are also some good options for gcc (eg. -Weffc++).

I also don't see the non-open source nature of this tool as an issue.
I think with things like this the more analysers we can throw at the
code the better. So cppcheck, scan-build etc should all be used in
parallel to Coverity.

Coverity has the positive that it's seen as a highly respected,
industry-leading tool. So being able to show that it reports our code
as clean (or nearly clean) is a strong argument for QGIS' code quality.

One thing I forgot to mention initially: if anyone's working on
addressing/checking issues on Coverity, please make sure to use the
triage status tools and flag issues as Fix Submitted/False Positive so
that we don't duplicate effort.

Nyall
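The thread asks how to call cppcheck, the Clang static analyzer and GCC's -Weffc++ from the build as an option. The CMake fragment below is an added illustration of one way to do that; it is not QGIS' own CMakeLists.txt or anything posted in this thread. It assumes CMake 3.10 or newer (for the CMAKE_<LANG>_CPPCHECK and CMAKE_<LANG>_CLANG_TIDY variables), that the tools are on PATH, and a placeholder project name and source file (analyzer_demo, main.cpp). The option names WITH_CPPCHECK, WITH_CLANG_TIDY and WITH_EFFCXX are made up for the example.

```cmake
# Added example, not QGIS build configuration: opt-in static analysis
# wired into a CMake build. Assumes CMake >= 3.10 and cppcheck /
# clang-tidy on PATH (or pointed at via the *_EXECUTABLE cache entries).
cmake_minimum_required(VERSION 3.10)
project(analyzer_demo CXX)   # placeholder project name

# Hypothetical option names; all default to OFF so normal builds are unaffected.
option(WITH_CPPCHECK   "Run cppcheck on each translation unit while compiling"   OFF)
option(WITH_CLANG_TIDY "Run clang-tidy on each translation unit while compiling" OFF)
option(WITH_EFFCXX     "Enable GCC's -Weffc++ warnings"                          OFF)

if(WITH_CPPCHECK)
  find_program(CPPCHECK_EXECUTABLE NAMES cppcheck)
  if(NOT CPPCHECK_EXECUTABLE)
    message(FATAL_ERROR "WITH_CPPCHECK=ON but cppcheck was not found on PATH")
  endif()
  # CMake appends the source file to this command and runs it alongside every
  # C++ compile step. --error-exitcode turns findings into a failed build rather
  # than a warning that scrolls past; --inline-suppr lets code carry
  # "// cppcheck-suppress <id>" for reviewed false positives.
  set(CMAKE_CXX_CPPCHECK
      "${CPPCHECK_EXECUTABLE}"
      "--enable=warning,performance,portability"
      "--inline-suppr"
      "--error-exitcode=1")
endif()

if(WITH_CLANG_TIDY)
  find_program(CLANG_TIDY_EXECUTABLE NAMES clang-tidy)
  if(NOT CLANG_TIDY_EXECUTABLE)
    message(FATAL_ERROR "WITH_CLANG_TIDY=ON but clang-tidy was not found on PATH")
  endif()
  # clang-analyzer-* are the Clang static analyzer checks that scan-build also
  # runs; bugprone-* adds clang-tidy's own defect-pattern checks.
  set(CMAKE_CXX_CLANG_TIDY
      "${CLANG_TIDY_EXECUTABLE}"
      "-checks=-*,bugprone-*,clang-analyzer-*"
      "-warnings-as-errors=*")
endif()

# -Weffc++ is a GCC-specific warning group, so only enable it for GCC.
if(WITH_EFFCXX AND CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
  add_compile_options(-Weffc++)
endif()

# Variables above must be set before targets are created: they seed the
# per-target CXX_CPPCHECK / CXX_CLANG_TIDY properties at target creation time.
add_executable(demo main.cpp)   # placeholder source file
```

Configure with e.g. `cmake -DWITH_CPPCHECK=ON -DWITH_CLANG_TIDY=ON ..`; the per-compile analyzer hooks only work with the Makefile and Ninja generators. scan-build itself is not wired in this way: it works by substituting its own compiler wrappers through CC/CXX, so the equivalent invocation is `scan-build cmake ..` followed by `scan-build make`, which writes an HTML report of analyzer findings. Making the analyzers fail the build (rather than only print) is what turns them into a regression gate rather than advice, and the inline-suppression mechanism gives reviewed false positives a place to live in the code, which parallels the Coverity triage-status point made above.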

