[sldev] Static code analysis

Gareth Nelson gareth at garethnelson.com
Sun Jan 11 21:09:59 PST 2009


I see no reason why in the meantime the community can't use this tool
using the free trial.

On Mon, Jan 12, 2009 at 4:13 AM, Soft <soft at lindenlab.com> wrote:
> On Sun, Jan 11, 2009 at 7:57 PM, Jason Giglio <gigstaggart at gmail.com> wrote:
>> Sheet Spotter wrote:
>>> I stumbled into a code analysis tool from Coverity that claims to
>>> identify source code flaws through an elaborate static code analysis
>>> with a lower "false positive" rate than similar tools. Coverity seems to
>>> offer their tool (or their services?) free of charge to open source
>>> projects.
>>
>> I went through this a couple years ago.
>>
>> The conclusion of the thread was that Linden Lab already licensed
>> Coverity internally, and they weren't going to release the results of
>> the report to us.  There were some vague excuses about security or
>> something, and that the open source community can't really help fix
>> those kinds of bugs anyway.
>
> The problem is that the Coverity report is generated against the full
> build, including server components and things where we don't have a
> license to redistribute code. If we renew our Coverity license (that's
> up in the air - I'd heard that it's hugely expensive), the plan is to
> get a separate analysis running against the very same code that's
> exported, and to export that routinely.



-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

