Hi Pat, Trevor is working on setting it up. He is not quite ready for people to look at it, yet (might be up and down a bit). I can send out instructions when it is stable enough to evaluate.
Thanks, Bill. > -----Original Message----- > From: Lankswert, Patrick > Sent: Tuesday, July 14, 2015 11:20 AM > To: Dieter, William R; iotivity-dev at lists.iotivity.org > Subject: RE: Static Analysis > > Bill, > > I would like to see the output. How hard is it to setup? > > Pat > > > -----Original Message----- > > From: iotivity-dev-bounces at lists.iotivity.org [mailto:iotivity-dev- > > bounces at lists.iotivity.org] On Behalf Of Dieter, William R > > Sent: Tuesday, July 14, 2015 10:51 AM > > To: iotivity-dev at lists.iotivity.org > > Subject: [dev] Static Analysis > > > > One of the original plans for the Linux Foundation infrastructure was > > to use Sonar to run the SonarQube C++ plug-in. We have run into a few > > problems using the commercial plug-in, however there are several > > community plug-ins for C/C++ code: > > > > * vera++ (for checking style) > > * cppcheck (static analysis checking for buffer overflows, memory, and > > other > > problems) > > * RATS (checking for security problems, including buffer overflows) > > > > We could enable these checks to run through Jenkins during verification > builds. > > The idea would be that the static analysis checkers could point out > > potential problems and be an aid to code reviewers. The tools are all > > open source so contributors could run them locally, too. > > > > The implementation plan would be to first make the static analysis > > information available, but not have it give a +1 or -1. After some > > period (and tweaking of rules), if the community thinks it is helpful, > > Sonar could give a -1 when certain checks fail based on the observed track > record. > > > > Before implementing this, we would like to know if there is community > > support for it. Is this something people would find useful? Are > > there any objections to just making the analysis available (without > automatic +/-1)? > > > > Thanks, > > Bill. > > > > _______________________________________________ > > iotivity-dev mailing list > > iotivity-dev at lists.iotivity.org > > https://lists.iotivity.org/mailman/listinfo/iotivity-dev
