Subject: Re: [boost] Coverity Static Code Analysis
From: Gennaro Prota (gennaro.prota_at_[hidden])
Date: 2009-02-04 10:36:35
Mathias Gaunard wrote:
> Gennaro Prota wrote:
>> Boost ("most expertly designed in the world", etc.)
> It's a quote from someone which is quite known,
> it's not like it is being stated as being the truth.
Well, for it to be true it should make sense, first. What does
"expertly designed" mean? Boost is a collection of components;
there has been no "single design" anywhere (actually the only
"design" choices affecting every component that come to my mind
are terrible: e.g. those about the directory structure; or the
usage of the same "detail" namespace for every library). And
"expertly designed project" --as opposed e.g. to "expertly
designed software"-- is simple nonsense to me.
> It's a bit catchy, still, but is nowhere near as bad as the Apple
> advertisements, for example.
There's always someone who does worse :-)
And everyone makes more or less ridicolous claims for quality
(or conformity). In fact, the only quality I've seen is in
projects where --by contract-- you pay money for defects and
downtime (yes, let's stop calling it "bugs", as if they were
pretty harmless annoyances making their occasional appearance
here and there but with no substantial effect on a well working
What one would heartedly hope is for someone doing our job to be
perfectly able to identify the false claims.
>> The "new"
>> lexical_cast is a close friend, and there are simply authors who
>> don't know where the house of simplicity is (looking at the
>> source code of one of the tools I found boost::tuple used
>> --which in turn meant type_traits, which in turn meant mpl,
>> lambda and God knows what-- when std::pair would just do). I
>> could continue for hours, really (but please don't ask).
> Is it that important than some libraries depend on basic building
> blocks, even when they could use less flexible building blocks with a
> simpler implementation?
> A pair is simply the tuple of the poor.
I'm afraid that if I wanted to really reply to this I'd have to
question your professional skills. Significantly. Which I don't
want to do.
> Are you concerned with the time to compile the thing, or simply with
Are you aware of what dependencies imply?
>> At the
>> end of the day, nobody is going to complain to anyone, because
>> everything is "volunteer contribution". That may be humanly
>> understandable, but don't expect to have quality in this kind of
>> ecosystem ("patches are welcome", "if you notice anything wrong
>> you can fix it" are easy escapes: you don't produce solid
>> software by trial and error, nor you can really fight the
>> mentality of an overwhelming majority).
> What do you think the review system is for?
In Boost? Almost nothing. It depends on who happens to be around
at the moment, who is interested in the library and how the
review manager happens to judge all the feedback. And after
something has been approved it can get completely changed
without the slightest discussion (I'm speaking "against" myself
here: I rewrote dynamic_bitset completely). And it isn't a
review process; it's just an "if you have comments, please
post". Many people will come up with good points but that's not
the question. It remains that the whole thing is quasi-random.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk