I got a run of something like Coverity a few months ago. https://issues.apache.org/jira/browse/QPID-2645. The Qpid code base had something like 0.14 complaints per 1000 lines of code (32 issues / 224k LoC), 300x better than industry average. And even the complaints could be argued.
In the proposed fixes for issue 2645:

1. use-after-free case only prints the address of the object that was freed
2. use-without-null-test prints the object address
3. Using "delete this" in object destructor.

If that was going to be a problem your test system would have melted down a long time ago.

If you are interested in getting Coverity results published for the project you get my +1

-Chuck

----- "Ken Giusti" <[email protected]> wrote:

> From: "Ken Giusti" <[email protected]>
> To: [email protected]
> Sent: Wednesday, November 3, 2010 9:58:26 AM GMT -05:00 US/Canada Eastern
> Subject: static analysis
>
> Hi all,
>
> While cruising slashdot (guilty pleasure), I found that Coverity
> offers their static analysis code tool for qualifying open source
> projects. See:
>
> http://scan.coverity.com/
>
> I've used this tool in the past on a previous employer's large C++
> project. As with any automated code checker, the signal/noise ratio
> can be rather bad, but it did find a few real issues.
>
> From what I can tell, the project doesn't get access to the tool -
> rather, Coverity runs the tool over the sources and makes the results
> available to the project. There's a faq for getting a project signed
> up: http://scan.coverity.com/developers-faq.html To get started
> we'd have to designate an official contact.
>
> Thoughts?
>
>
> -K
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:[email protected]
