On Wed, Feb 18, 2015 at 2:57 PM, Nick Treleaven <nick.treleaven@btinternet.com> wrote:
> On 12/02/2015 21:21, Liviu Andronic wrote:
>> Coverity has uncovered ~55 implementation defects in the code base, with 25 or so of high severity (memory corruption, resource leaks, etc.).
> Thanks. Some of this should be useful, but AFAICT some of the serious items seem to occur when certain assertions have failed, e.g. TagManager Assert, which cause a lot of false positives.
Coverity has some facilities to deal with false positives. For instance, it is possible to classify an identified issue as "false positive" or "intentional", meaning that Coverity shall ignore it in future code scans.
But more usefully we can specify a Modeling File: "Static code analysis has some limitations in its ability to understand certain dynamic operations. This limitation may result in falsely detecting defects. Since most false-positive defects are caused by few functions in your code base, Coverity allows you to tell the analysis engine to treat these functions differently. This is called a Modeling File. By providing a modeling file, most projects reduce their false-positive rate to the ballpark of 10%."
Maybe we should look into that?
Cheers, Liviu
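As an added illustration of the modeling-file approach discussed above (example code, not Geany's code and not from either poster), here is the pattern that produces the assertion-related false positives, together with the model that suppresses them. All identifiers (proj_assertion_failed, PROJ_ASSERT, ProjTag, proj_tag_name_length) are hypothetical stand-ins chosen for the example; __coverity_panic__ is one of Coverity's documented modeling primitives, and the cov-make-library / cov-analyze invocation in the comment is written from memory and should be checked against the Coverity version in use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/*
 * Project-side code (hypothetical names, loosely in the style of a C code
 * base such as Geany's TagManager; none of these identifiers are Geany's).
 *
 * The assertion helper is a real, externally visible function rather than a
 * macro that expands inline: Coverity matches models to functions by name,
 * so routing every failed assertion through one named function gives the
 * modeling file a single place to describe what happens on failure.
 */
void proj_assertion_failed(const char *expr, const char *file, int line)
{
    fprintf(stderr, "%s:%d: assertion '%s' failed\n", file, line, expr);
    abort();
}

#define PROJ_ASSERT(expr) \
    do { if (!(expr)) proj_assertion_failed(#expr, __FILE__, __LINE__); } while (0)

typedef struct {
    const char *name;
    int line;
} ProjTag;

/*
 * Without a model, an analyzer that does not know proj_assertion_failed()
 * never returns sees a path on which 'tag' is NULL, the helper returns, and
 * tag->name is dereferenced: a spurious NULL-dereference report. Every
 * assertion in the code base can produce one such report, which is how a
 * handful of "serious" findings can all trace back to one helper.
 */
size_t proj_tag_name_length(const ProjTag *tag)
{
    PROJ_ASSERT(tag != NULL);
    PROJ_ASSERT(tag->name != NULL);
    return strlen(tag->name);
}

/*
 * Contents of the separate modeling file (say model.c), shown here as a
 * comment because it is compiled by Coverity's cov-make-library tool and
 * must never be part of the normal build: __coverity_panic__() is only
 * declared, never defined, and is resolved by the analysis engine.
 *
 *   // model.c: `cov-make-library -of model.xmldb model.c`, then pass
 *   // model.xmldb to cov-analyze with --user-model-file (invocation from
 *   // memory; check against your Coverity version).
 *   void __coverity_panic__(void);
 *
 *   void proj_assertion_failed(const char *expr, const char *file, int line)
 *   {
 *       __coverity_panic__();   // tells the engine this path terminates
 *   }
 *
 * With the model in place the failed-assertion branch is dead for analysis
 * purposes, so the defects that were only reachable through it disappear
 * from the next scan instead of having to be classified one by one as
 * "false positive" or "intentional" in the Coverity UI.
 */
```

Two practical notes. First, the model only helps if the assertion really terminates; if the helper merely logs and returns, the reports are genuine and the model would hide real bugs, so confirm the helper's behaviour before modeling it. Second, when the helper's source can be changed, annotating it with `__attribute__((noreturn))` (or C11 `_Noreturn`) usually gives the same result without a model file, since Coverity honours that attribute; the model is the route when the function is in code you do not control or its behaviour is more subtle than "never returns".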
Devel mailing list
Devel@lists.geany.org
https://lists.geany.org/cgi-bin/mailman/listinfo/devel