From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15927 invoked by alias); 25 Apr 2014 15:53:31 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 15906 invoked by uid 89); 25 Apr 2014 15:53:30 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.2 X-HELO: mho-02-ewr.mailhop.org Received: from mho-02-ewr.mailhop.org (HELO mho-02-ewr.mailhop.org) (204.13.248.72) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES256-SHA encrypted) ESMTPS; Fri, 25 Apr 2014 15:53:29 +0000 Received: from pool-173-76-43-57.bstnma.fios.verizon.net ([173.76.43.57] helo=cgf.cx) by mho-02-ewr.mailhop.org with esmtpa (Exim 4.72) (envelope-from ) id 1WdiRL-000Ofl-78 for cygwin@cygwin.com; Fri, 25 Apr 2014 15:53:27 +0000 Received: from ednor (ednor.casa.cgf.cx [192.168.187.5]) by cgf.cx (Postfix) with SMTP id 746B8600D0 for ; Fri, 25 Apr 2014 11:53:24 -0400 (EDT) Received: by ednor (sSMTP sendmail emulation); Fri, 25 Apr 2014 11:53:24 -0400 X-Mail-Handler: Dyn Standard SMTP by Dyn X-Report-Abuse-To: abuse@dyndns.com (see http://www.dyndns.com/services/sendlabs/outbound_abuse.html for abuse reporting information) X-MHO-User: U2FsdGVkX1+SxpLT20AiKlts7Fxp35AT Date: Fri, 25 Apr 2014 15:53:00 -0000 From: Christopher Faylor To: cygwin@cygwin.com Subject: Re: Coverity Scan Message-ID: <20140425155324.GA2412@ednor.casa.cgf.cx> Reply-To: cygwin@cygwin.com Mail-Followup-To: cygwin@cygwin.com References: <5359F391.8060309@tiscali.co.uk> <20140425083500.GA5666@calimero.vinschen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20140425083500.GA5666@calimero.vinschen.de> User-Agent: Mutt/1.5.20 (2009-06-14) X-SW-Source: 2014-04/txt/msg00573.txt.bz2 On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote: >On Apr 25 06:33, David Stacey wrote: >> Coverity Scan [1] is a commercial (paid for) static analysis tool, but >> they offer it to Open Source programmes for free. I was having a browse >> through the list of Open Source programmes using Coverity Scan, and >> noticed that Cygwin wasn't listed. Would there be any interest in >> analysing the cygwin1.dll source code on a fairly regular basis? If so, >> I would be happy to have a go at setting up an analysis job for Cygwin. >> >> I would imagine this would be of interest to CGF, Corinna and anyone >> else who regularly updates the Cygwin source code. Obviously, this is >> only worth doing if the analysis results are looked at and acted upon. > >Depends. If the report contains lots of false positives, it's getting >annoying pretty quickly. We use coverity at work. It is annoying and it does have false positive but a lot of what look like false positives often turn out to be: "Oh, wait. (#*(&$ Yeah. That's a problem." If we could use coverity I'm sure it would be interesting if we can get it. cgf -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple