[webkit-dev] Pre-proposal: Adding a Coverity instance for WebKIt
Filip Pizlo
fpizlo at apple.com
Mon Sep 17 20:27:23 PDT 2012
Annotations to spoonfeed a static analysis would make me profoundly unhappy.
-Filip
On Sep 17, 2012, at 8:13 PM, Hajime Morrita <morrita at chromium.org> wrote:
> On Tue, Sep 18, 2012 at 8:46 AM, Eric Seidel <eric at webkit.org> wrote:
>> On Mon, Sep 17, 2012 at 6:35 PM, Benjamin Poulain <benjamin at webkit.org> wrote:
>> > On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins <jhawkins at chromium.org>
>> > wrote:
>> >>
>> >> A few details:
>> >> * Google will front the cost of the license (non-zero...very far from
>> >> zero) and the infrastructure.
>> >> * I'd leave it up to the WebKit leadership to decide who has access (most
>> >> likely limited to WebKit committers for security purposes).
>> >>
>> >> The biggest rationale is to provide a strong defect signal for the entire
>> >> WebKit community, which would directly impact the success of all
>> >> WebKit-based projects. Coverity has provided free licenses for unsponsored
>> >> (by larger corporations anyway) open-source projects; this has resulted in
>> >> significant improvements [2] to the code bases of these projects, one of
>> >> which I was directly involved with years ago (Wine).
>> >
>> >
>> > I am a little skeptical of Coverity because of bad patches that originated
>> > for its report (sometimes even discussed on webkit-dev). I think we should
>> > keep in mind the tool also make many mistakes and we should not blindly
>> > follows it.
>> >
>> > Could this be integrated with the EWS like a kind of advanced "style check"?
>>
>> I think this is a great idea, and would be trivial if coverity could
>> be convinced to run on a diff file, or if we could wrap it in a script
>> to only report errors on the changed lines. Either sounds very
>
> And/Or are we going to allow inline annotations?
> The practice Coverity suggested is to adding such annotations.
> http://scan.coverity.com/best-practice.html
>
> I personally think it's worth having inline annotations because it can also help human code readers, so I'm curious what other folks think about that.
>
>> doable. The EWS infrastructure is already in place once such a script
>> exists.
>>
>> > Reporting possible improvements before patches lands would be more useful
>> > than a separate bot.
>> >
>> > Benjamin
>> >
>> > _______________________________________________
>> > webkit-dev mailing list
>> > webkit-dev at lists.webkit.org
>> > http://lists.webkit.org/mailman/listinfo/webkit-dev
>> >
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> http://lists.webkit.org/mailman/listinfo/webkit-dev
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20120917/23643f01/attachment.html>
More information about the webkit-dev
mailing list