Boost Users
Subject: Re: [Boost-users] Using static code checkers against the Boost code base
From: Niall Douglas (s_sourceforge_at_[hidden])
Date: 2014-12-05 08:24:54

On 4 Dec 2014 at 18:30, Hickman, Steve (AdvTech) wrote:
> I don't know if there is a policy yet on using static code checkers on
> the Boost code base as part of the release cycle. Given that the Visual
> Studio 2012 Analyzer tool I'm using just picked up 3 issues in the 1.57
> release (I've posted TRAC items on them already), I suspect not.

The policy is that this is up to each library maintainer. Some do,
some don't. Of those that do, coverage is usually fairly restricted
to one or two analysers.

> I would like to encourage such a policy. Boost is, among other things,
> about quality. This is a way to enhance quality. For people like me who
> work in safety critical fields, it is vital. I cannot use Boost
> libraries if they can't be certified. Static analyzers can help insure
> quality, which makes it easier to qualify these tools.
>
> There are many tools available. Some, like CppCheck, are open source.
> Others are built into development environments (aforementioned VS
> Analyzer, Clang tools, etc.). Further, I suspect that tool vendors could
> be convinced it would be good PR to have their tools used by Boost, so I
> suspect even those with paid licenses can be made available for free.

I think you would be surprised at how unfree licences are for free
software.

Setting this stuff up is not free, including renting the CI testing
resources.

As I'm on the Boost.Thread maintenance team, I hereby solicit any
funding you or anyone else can provide to improve the static testing
of Boost.Thread, and to be specific:

1. The renting of a dedicated server for a Jenkins installation on an
ongoing basis.

2. The licensing of the installations of Microsoft Windows required
and any static testing tools required.

3. The hourly rate, at approximately $150/hour, of someone qualified
in CI config to set all this up for Boost.Thread. I should estimate
160 - 200 hours might do it. And then their hourly rate on an ongoing
basis to maintain it e.g. security patches and updates.

If you or anyone else can supply any or all of this, we on the
Boost.Thread team are very interested to hear from you.

Niall

-- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/