On Sun, Oct 12, 2014, at 02:58 AM, Johan Engelen wrote:
> On 12-10-2014 9:13, Christoffer Holmstedt wrote:
>> Great work! Awesome to see this for Inkscape, static analysis is a must these days.
>
> I feel the only way forward for our project is to use these tools.
>
>> I have never used the Clang static analyzer, how good is it? A lot of false positives?
>
> I have not seen many false positives, but they are there. However, *all* false positives that I have seen in our codebase are the result of very very poor code design, and it takes a while to figure out that it is a false positive at all.
> Clang's static analyzer is the best I have used and presents its reports in a nice HTML page that helps to find and fix the problem.
> It's also easy to set up btw. (use scan-build)
 
Yes, I'd agree with Johan's assessment overall. Clang has a few issues (warning on redundant assignment being one), but it helps far more to have it running reports than not. Coverity is much better, but Bryce and I have a bit more work with the company getting that set up and going again.
 
I'm traveling today, but once I'm home I can set up some wiki pages on Clang and its results. There are a few things that are helpful to know, common approaches for different warnings/scenarios, gotchas to keep an eye out for, etc. I've already started hammering some of those out with Johan, so collecting up and publishing our info can help the rest of the devs.
 
--
Jon A. Cruz
jon@...18...