On Thu, Sep 24, 2015 at 4:23 PM, Nicholas Nethercote <n.netherc...@gmail.com> wrote:

> On Thu, Sep 24, 2015 at 2:29 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:
> > On 2015-09-24 1:41 PM, Sylvestre Ledru wrote:
> >>
> >> * Coverity, a proprietary tool with a great (but slow) web interface.
> >
> > Does anybody look at these regularly? I would be interested to know if they
> > produce high quality results these days. My past experience with Coverity
> > has been that it's full of false positives.
>
> Eric Rahm looks at them regularly. He's on PTO until next week. From
> what he's told me the false positive rate is quite high, and the true
> positives are mostly small things like leaks on error paths, but
> occasionally it finds something significant. He's been looking at them
> for some time which suggests he thinks it's worth the effort.
>

I've described our Coverity results as a "good first bug generator". There are a ton of little local things to fix.

One interesting analysis it has that I don't think we've taken advantage of is that it reports when most, but not all, calls to a function have their return value checked. In addition to indicating possible places where we might need to do more checks, it also hints at functions that maybe should have MOZ_WARN_UNUSED_RESULT added.

ps. "infer" uses separation logic, which happens to be a topic I know a bit about, if anybody wants to know more about it.

Andrew

>
> Nick
>

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform