On Wed, Feb 18, 2015 at 2:57 PM, Nick Treleaven <nick.trelea...@btinternet.com> wrote:
>
> On 12/02/2015 21:21, Liviu Andronic wrote:
>>
>> Coverity has uncovered ~55 implementation defects in the code
>> base, with 25 or so of high severity (memory corruption, resource
>> leaks, etc.)
>
>
> Thanks. Some of this should be useful, but AFAICT some of the serious items
> seem to occur when certain assertions have failed, e.g. TagManager Assert,
> which cause a lot of false positives.
>
Coverity has some facilities to deal with false positives. For instance, it is possible to classify an identified issue as "false positive" or "intentional", meaning that Coverity shall ignore it in future code scans.

But more usefully we can specify a Modeling File:
"Static code analysis has some limitations in its ability to understand certain dynamic operations. This limitation may result in falsely detecting defects. Since most false-positive defects are caused by few functions in your code base, Coverity allows you to tell the analysis engine to treat these functions differently. This is called a Modeling File. By providing a modeling file, most projects reduce their false-positive rate to the ballpark of 10%."

Maybe we should look into that?

Cheers,
Liviu

>
> _______________________________________________
> Devel mailing list
> Devel@lists.geany.org
> https://lists.geany.org/cgi-bin/mailman/listinfo/devel

--
Do you think you know what math is?
http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
Or what it means to be intelligent?
http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
Think again:
http://www.ideasroadshow.com/library