Hi all, Is this something we want to sign up to? https://continuousassurance.org/
After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later)
cheers, Johan
On Tue, 2014-07-29 at 23:11 +0200, Johan Engelen wrote:
After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later)
I was with the LibreOffice team at their recent Hackfest. They use clang for their C++ codebase, and were running speed testing. And I wondered how much overlap there might be, how much we could learn from each other.
Does anyone maintain a connection with LibreOffice development?
Martin,
I can ping someone. What do you want to know, exactly?
Alex 30 июля 2014 г. 2:07 пользователь "Martin Owens" <doctormo@...39...3...> написал:
On Tue, 2014-07-29 at 23:11 +0200, Johan Engelen wrote:
After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later)
I was with the LibreOffice team at their recent Hackfest. They use clang for their C++ codebase, and were running speed testing. And I wondered how much overlap there might be, how much we could learn from each other.
Does anyone maintain a connection with LibreOffice development?
Martin,
Infragistics Professional Build stunning WinForms apps today! Reboot your WinForms applications with our WinForms controls. Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.cl... _______________________________________________ Inkscape-board mailing list Inkscape-board@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/inkscape-board
On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
Hi all, Is this something we want to sign up to? https://continuousassurance.org/
After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later)
Perhaps you could drop them a line and see if they have special offers for open source / non-profit projects like us? Coverity has done this for various projects.
In any case, before forming an opinion on this I'd want to know the ballpark cost, and what the results/output looks like.
From past experience I know that the trick with static analysis tools is
less in the actual running of them, and more in following up on getting the discovered issues resolved, so another question would be if we have volunteers interested in working on those issues.
I also suspect that 90% of the benefit will be gained from the first run, since it'll flag a ton of issues. Once we've addressed all those, the amount of new issues that crop up over time should be much smaller. So if it ends up being very expensive, we could consider signing up for the minimum amount of time just to get the raw list of issues.
Bryce
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote:
On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
Hi all, Is this something we want to sign up to? https://continuousassurance.org/
After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later)
Perhaps you could drop them a line and see if they have special offers for open source / non-profit projects like us? Coverity has done this for various projects.
In any case, before forming an opinion on this I'd want to know the ballpark cost, and what the results/output looks like.
I just looked, it's free.
From past experience I know that the trick with static analysis tools is
less in the actual running of them, and more in following up on getting the discovered issues resolved, so another question would be if we have volunteers interested in working on those issues.
I think this looks quite interesting. I would help out.
I also suspect that 90% of the benefit will be gained from the first run, since it'll flag a ton of issues. Once we've addressed all those, the amount of new issues that crop up over time should be much smaller. So if it ends up being very expensive, we could consider signing up for the minimum amount of time just to get the raw list of issues.
Tav
On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan) wrote:
Op 30-07-2014 om 09:49, schreef Tavmjong Bah <tavmjong@...47...>:
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote: On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote: Hi all, Is this something we want to sign up to? https://continuousassurance.org/ After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later) Perhaps you could drop them a line and see if they have special offers for open source / non-profit projects like us? Coverity has done this for various projects. In any case, before forming an opinion on this I'd want to know the ballpark cost, and what the results/output looks like. I just looked, it's free.Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it sounds like a regular development activity, so no board decision needs to be made. Personally I think static analysis tools are great and should be used. You might float your proposal on inkscape-devel@ to get wider buy in though.
I pretty strongly believe we should move towards heavy use of these tools, and requiring clean builds from any branch work etc. before it is merged. We've had many bugs that would have been easily resolved by these tools. Last time I ran clang I got a ton of potential bugs with very few false positives. The list included links to source and traces through source, some with 40+ decision steps along the way.
I've signed myself up and will sign Inkscape up as a project. Let's see how it works out.
Sounds good. Let's continue discussion about it on inkscape-devel@...89...
Meanwhile, if you have access to clang: have a look. GCC has improved a lot too (perhaps because of clang). clang's scanbuild is amazing. clang's address-sanatizer is *amazing* (from what I've seen in talks), but I have not tested it myself.
Perhaps an item for the roadmap would be to set up a consistent set of static (and non-static) testing tools (perhaps invokable from make), which could be run from a centralized location. (Again though... another topic for inkscape-devel@ discussion.)
Thanks, Bryce
Very briefly on current status: I have an open ticket about problems building Inkscape (dependencies it seems).
-Johan
On 7-8-2014 2:44, Bryce Harrington wrote:
On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan) wrote:
Op 30-07-2014 om 09:49, schreef Tavmjong Bah <tavmjong@...47...>:
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote: On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote: Hi all, Is this something we want to sign up to? https://continuousassurance.org/ After a quick browse around their website, they seem to offer a platform that runs static analysis tools. We can run them ourselves (and have done so not so long ago), but it is nice to have a website do it for all of us. (unfortunately, not many of us compile with clang; I gave up the fight on Windows a while back, and will have to try again later) Perhaps you could drop them a line and see if they have special offers for open source / non-profit projects like us? Coverity has done this for various projects. In any case, before forming an opinion on this I'd want to know the ballpark cost, and what the results/output looks like. I just looked, it's free.Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it sounds like a regular development activity, so no board decision needs to be made. Personally I think static analysis tools are great and should be used. You might float your proposal on inkscape-devel@ to get wider buy in though.
I pretty strongly believe we should move towards heavy use of these tools, and requiring clean builds from any branch work etc. before it is merged. We've had many bugs that would have been easily resolved by these tools. Last time I ran clang I got a ton of potential bugs with very few false positives. The list included links to source and traces through source, some with 40+ decision steps along the way.
I've signed myself up and will sign Inkscape up as a project. Let's see how it works out.
Sounds good. Let's continue discussion about it on inkscape-devel@...89...
Meanwhile, if you have access to clang: have a look. GCC has improved a lot too (perhaps because of clang). clang's scanbuild is amazing. clang's address-sanatizer is *amazing* (from what I've seen in talks), but I have not tested it myself.
Perhaps an item for the roadmap would be to set up a consistent set of static (and non-static) testing tools (perhaps invokable from make), which could be run from a centralized location. (Again though... another topic for inkscape-devel@ discussion.)
Thanks, Bryce
participants (7)
-
Alexandre Prokoudine -
Bryce Harrington -
J.B.C. Engelen (Johan) -
Johan Engelen -
Josh Andler -
Martin Owens -
Tavmjong Bah