Very briefly on current status: I have an open ticket about problems building Inkscape (dependencies it seems).
-Johan
On 7-8-2014 2:44, Bryce Harrington wrote:
On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan) wrote:
Op 30-07-2014 om 09:49, schreef Tavmjong Bah <tavmjong@...47...>:
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote: On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote: Hi all, Is this something we want to sign up to? https://continuousassurance.org/ After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later) Perhaps you could drop them a line and see if they have special offers for open source / non-profit projects like us? Coverity has done this for various projects. In any case, before forming an opinion on this I'd want to know the ballpark cost, and what the results/output looks like. I just looked, it's free.Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it sounds like a regular development activity, so no board decision needs to be made. Personally I think static analysis tools are great and should be used. You might float your proposal on inkscape-devel@ to get wider buy in though.
I pretty strongly believe we should move towards heavy use of these tools, and requiring clean builds from any branch work etc. before it is merged. We've had many bugs that would have been easily resolved by these tools. Last time I ran clang I got a ton of potential bugs with very few false positives. The list included links to source and traces through source, some with 40+ decision steps along the way.
I've signed myself up and will sign Inkscape up as a project. Let's see how it works out.
Sounds good. Let's continue discussion about it on inkscape-devel@...89...
Meanwhile, if you have access to clang: have a look. GCC has improved a lot too (perhaps because of clang). clang's scanbuild is amazing. clang's address-sanatizer is *amazing* (from what I've seen in talks), but I have not tested it myself.
Perhaps an item for the roadmap would be to set up a consistent set of static (and non-static) testing tools (perhaps invokable from make), which could be run from a centralized location. (Again though... another topic for inkscape-devel@ discussion.)
Thanks, Bryce