[offtopic] Coverity . . .

Frans Englich frans.englich at telia.com
Thu Apr 20 00:10:59 BST 2006

On Wednesday 19 April 2006 22:45, Alexander Neundorf wrote:

> /me wonders how hard it would be to implement something similar but simpler
> e.g. with the output from gcc-xml

Adriaan, Frerich and I have bounced that a bit in private mail, and I've 
wanted to implement it in playground/utils/defense(which was planned to be an 
analysis tool/error checker; development currently stalled). Currently 
gcc-xml only outputs declarations, not definitions(if statements etc), which 
severely limits the possibilities.

But it would still be possible to verify API naming(KDE policies), and the 
type of tests you can do with definitions(proper types for operators, no 
weird overrides of base classes, etc).

However, on the gccxml list(now unsubscribed) there was bounced back forth 
patches with exported the intermediate representation(IR), so I bet it's only 
a question of time.

It would certainly be interesting. One could write the tests in XQuery or 
XSL-T, meaning it would be very safe, easy and quick to rewrite. I think C++ 
or any other procedural language would be an indescribable pain for doing 
such queries("for each class member of every class which is a derived class 
of ..., whose return type is ... and which is used ... do ... ").

In the long term, I think there will be open source code analyzers which can 
compete with the commercial ones. According to my opinion, software testing 
has exploded the last couple of years, and the explanation is that hardware 
and software have become sufficiently sophisticated building blocks for 
making it possible(cmake's dashboard is a good example).



More information about the kde-core-devel mailing list