harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sian January" <sianjanu...@googlemail.com>
Subject Re: [external] One more opportunity of QA for Harmony
Date Thu, 10 Jan 2008 13:58:13 GMT
+1

I think it would be really good to scan the classlib code.  I spent some
time last year fixing bugs found by FindBugs and although a lot of them were
minor there were a handful of quite serious ones that were definitely worth
the time spent.  There is a fair amount of manual post-evaluation work, but
surely it can't hurt to get the report and then fix the issues as and when
people have time.



On 10/01/2008, Aleksey Shipilev <aleksey.shipilev@gmail.com> wrote:
>
> I'm convinced that the more bug reports you have the better, even if
> they are generated by automatic tools like this one - because it's
> always better to know where to go next rather than keeping false sense
> of complete validity. That mean, I don't like to think "There are
> enough bugs, don't post anything else". Of course, the evaluation need
> some human intervention, if not, why we are here? :)
>
> But before obtaining such the list we should express the willingness
> to complete such the scan. For number of security reasons, Coverity
> accepts such disclaimers only from project developers, probably from
> those who called "committers" in terms of ASF.
>
> Thanks,
> Aleksey.
>
> On Jan 10, 2008 4:00 PM, Alexei Fedotov <alexei.fedotov@gmail.com> wrote:
> > Alexey,
> >
> > Vladimir Nenashev evaluated this and related tools last year. We had
> > experience that bugs found by automatic tools generally require manual
> > post-evaluation, so we decided to delay an application since we had
> > enough bugs to fix at that moment. If one has time to evaluate the
> > Coverity scan results, I believe he is very welcome to apply. This
> > would be interesting experience I think. :-)
> >
> > Thanks.
> >
> >
> >
> > On Jan 10, 2008 2:40 PM, Aleksey Shipilev <aleksey.shipilev@gmail.com>
> wrote:
> > > Hi All,
> > >
> > > I've just recently noticed the tool [1] developed by Coverity, which
> > > does static code analysis for projects. It seems to be used by major
> > > OSS players as another opportunity for QA: that include but no limited
> > > to Linux kernel, Samba, Perl, Python, PHP. Moreover, they recently
> > > introduce Java support. Even though it's focus is security, judging on
> > > reports it could detect memory leaks and other stability-important
> > > stuff. I think it's worth to try scan Harmony. What do you think?
> > >
> > > Thanks,
> > > Aleksey.
> > >
> > > [1] http://scan.coverity.com/
> > >
> >
> >
> >
> > --
> > With best regards,
> > Alexei,
> > ESSD, Intel
> >
>



-- 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message