On 4/21/2011 3:59 AM, Roger Binns wrote:
> On 04/20/2011 06:54 AM, thilo wrote:
> > They are a great tool ensuring programs have fewer memory leaks, thread
> > issues and the like and if one has access to their results, please USE
> > it and judge the false positives with human eyes - strcpy & fprintf are
> > not security risks by themselves but only in an application context.
> > Reviews (human & automated) are always a good step towards a stable
> > codebase!
>
> What you have missed is that the tool you pointed to is crap. It gives
> noisy useless results.

Apologies, *I* didn't point to that tool!
I used Coverity in a professional environment and found this particular great for sniffing those uninitialized or freed pointers and dead code!
And for their advertisement (as well as homeland security's) sake they make the results to open-source projects available for free.
Tools like Coverity do have an exaggerated price tag.

>
> In addition to their brains the SQLite team also uses other tools such as
> the compiler, Coverity, clang etc. Then they have a test suite with full

Your mail did leave the impression to me that the sqlite owners did not read the Coverity results, if I got this wrong - good!!

cheers
thilo

> MCDC coverage which means all code has to be read to be tested that much (on
> several platforms). All changes are public (see the timeline) and on rare
> occasions other people may have observations.
>
> In other words the existing tools and brains are orders of magnitude better
> than that tool. No one is against tools to improve the integrity of
> products but that one contributes nothing.
> If you believe it shows things existing tools don't then please enlighten
> us. The evidence at the moment is that it wastes time better spent with
> other tools and human review.
>
> Roger

_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

