Antony Polukhin wrote:
2012/2/29 Phil Endecott <spam_from_boost_dev@chezphil.org>:
Anthony, did you search the mailing list archive for "coverity"? ?See e.g. this thread:
http://thread.gmane.org/gmane.comp.lib.boost.devel/185556/focus=185588 (and try to ignore the 75% of the posts that aren't helpful...)
I was talking here about the exactly same tool. In thread that you supported no clear answer to shall we use it or not.
My recollection is: - The license is obnoxious, but many people could probably agree to it because you do have the choice of just walking away if you later decide that you don't like it. (People who contribute to Boost as part of their employment might have stricter restrictions on what they can agree to, though.) - Crucially the people who are shown the secret Coverity reports are not allowed to show them to anyone else. While this might work for other projects, because Boost is a collection of libraries that are only loosely coupled we don't have a single individual who could evaluate all the reports and prepare fixes for every library. Instead, we'd need to have each individual library author sign up with Coverity. - As with most things, the ultimate limitation is probably that everyone has more urgent things to do. At the technical level, I'd be interested to know how well Coverity copes with template (header-only) library functionality. Can it analyse templates in isolation, without a concrete instantiation? If it does, does that lead to false positives due to "documentation-only" preconditions? There are similar issues with compiler warnings and errors. Regards, Phil.