Boost Users :

Subject: Re: [Boost-users] Using static code checkers against the Boost code base
From: LeMay.Steve (Steve.Lemay_at_[hidden])
Date: 2014-12-04 13:55:51


Or maybe help to get Coverity to scan Boost as part of the open source static analysis efforts (if they don't already).

http://www.coverity.com/press-releases/coverity-scan-report-finds-open-source-software-quality-outpaces-proprietary-code-for-the-first-time/

SGL

From: Boost-users [mailto:boost-users-bounces_at_[hidden]] On Behalf Of Hickman, Steve (AdvTech)
Sent: Thursday, December 04, 2014 10:31 AM
To: boost-users_at_[hidden]
Subject: [Boost-users] Using static code checkers against the Boost code base

I don't know if there is a policy yet on using static code checkers on the Boost code base as part of the release cycle. Given that the Visual Studio 2012 Analyzer tool I'm using just picked up 3 issues in the 1.57 release (I've posted TRAC items on them already), I suspect not.

I would like to encourage such a policy. Boost is, among other things, about quality. This is a way to enhance quality. For people like me who work in safety-critical fields, it is vital. I cannot use Boost libraries if they can't be certified. Static analyzers can help ensure quality, which makes it easier to qualify these tools.

There are many tools available. Some, like CppCheck, are open source. Others are built into development environments (aforementioned VS Analyzer, Clang tools, etc.). Further, I suspect that tool vendors could be convinced it would be good PR to have their tools used by Boost, so I suspect even those with paid licenses can be made available for free.

Steve Hickman
System Architect, Flight Deck of the Future
480-236-8367


