Coverity static analysis for C, C++ and Java code

Matthias Klose doko at ubuntu.com
Mon Apr 8 12:57:02 UTC 2013


On 08.04.2013 14:13, James Hunt wrote:
> As a précis of my earlier blog post [1], I'd like to encourage those involved
> with a C, C++ or Java project in Ubuntu to take a look at the Coverity Scan
> static-analysis service offered free to OSS projects [2].
> 
> We're already using it for critical packages including Upstart and Whoopsie [3],
> but it would be great to expand its scope to make its use the norm rather than
> the exception.

Did it catch the wrong use of the malloc attribute in upstart? ;)

> For those who have either never used static analysis tools, or have simply never
> used Coverity, don't fall into the trap of thinking that "gcc -pedantic -Wall"
> should be good enough for anyone - it simply is not.

I don't know where you got this from ...  Anyway, not using -Wextra leaves
out more things.

While not static analysis tools, you might want to look at -fsanitize=address
and -fsanitize=thread in GCC 4.8 (available in the ubuntu-toolchain-r/test PPA).

There's also clang --analyze, scan-view and scan-build in the clang package as a
static analyzer.

And all of these are free software.

  Matthias
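The two points made in this reply (-Wall alone misses things that -Wextra reports, and sanitizers catch a class of bugs no warning level can) can be seen on a small constructed C file. The script below is an added example for this page, not code from the thread, Upstart or any Ubuntu package: it writes a demo.c containing an unused parameter and a heap use-after-free, counts the warnings under -Wall versus -Wall -Wextra, then rebuilds with -fsanitize=address and checks that the runtime report names the bug. It assumes gcc is on PATH and that the AddressSanitizer runtime (libasan) is installed; if the sanitizer build fails, that part is skipped.

```shell
#!/bin/sh
# Added example (not from the original thread): compare -Wall with
# -Wall -Wextra on a constructed C file, then build the same file with
# -fsanitize=address to catch a heap bug that no warning flag reports.
set -u

WORK="${TMPDIR:-/tmp}/warn-demo.$$"
mkdir -p "$WORK"

# Constructed sample: the unused parameter is only reported with -Wextra;
# the read of freed memory in main() is invisible to the compiler's warnings
# but is reported at run time by AddressSanitizer.
cat > "$WORK/demo.c" <<'EOF'
#include <stdlib.h>
#include <string.h>

static int hash(const char *s, int unused_len)
{
    int h = 0;
    while (*s) h = h * 31 + *s++;
    return h;
}

int main(void)
{
    char *buf = malloc(16);
    if (!buf) return 1;
    strcpy(buf, "hello");
    free(buf);
    return hash(buf, 5) == 0;   /* use after free: reads freed heap memory */
}
EOF

# Print the number of warnings gcc emits for demo.c with the given flags.
count_warnings() {
    gcc "$@" -c -o /dev/null "$WORK/demo.c" 2>&1 | grep -c 'warning:' || true
}

# Build with AddressSanitizer and run the binary.
# Returns 0 if ASan reported a heap-use-after-free, 1 if the program ran
# without a report, 2 if the sanitizer build itself failed (e.g. no libasan).
asan_catches_bug() {
    gcc -g -O0 -fsanitize=address -o "$WORK/demo-asan" "$WORK/demo.c" \
        2>/dev/null || return 2
    if "$WORK/demo-asan" >/dev/null 2>"$WORK/asan.log"; then
        return 1
    fi
    grep -q 'heap-use-after-free' "$WORK/asan.log"
}

if command -v gcc >/dev/null 2>&1; then
    echo "-Wall warnings:         $(count_warnings -Wall)"
    echo "-Wall -Wextra warnings: $(count_warnings -Wall -Wextra)"
    if asan_catches_bug; then
        echo "ASan: heap-use-after-free reported (see $WORK/asan.log)"
    fi
fi
```

Running it shows the warning count rise once -Wextra is added (the unused parameter is reported only then), while neither warning set says anything about the read of freed memory; the ASan build aborts with a heap-use-after-free report the first time that read executes. The same file is a reasonable smoke test for the clang --analyze / scan-build workflow mentioned above, since static analyzers reason about the free()/use ordering that warning flags do not.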




More information about the ubuntu-devel mailing list