How to work with static analyzer output

We started using a static analyzer (Coverity) on our code base. We were stunned by the sheer number of warnings we received (hundreds of thousands of them); clearing them all would take a few months (unimaginably impossible).

The options we have discussed so far:

1) Hire a contractor to deal with the warnings and fix them. The drawback: we will probably need a lot of people to make all these changes, and no contractor will need to understand the code.

2) Filter the warnings and act only on the dangerous ones. The problem is that our static analysis output will always be cluttered with warnings, which makes it difficult for us to isolate the real problems. Filtering the warnings is also a serious effort in itself.

In any case, bringing our code to a state where a static analyzer can be a useful tool for us seems like a monumental task.

So how can you work with a static analyzer without going into an ongoing full-scale development effort?

+3
8 answers

The first thing to do is configure the analysis parameters; Coverity support probably left you with a pretty general configuration.

  • , , , , , . ( Coveritys , , , - .)
    • , . ( , , , Coverity - .: -)
    • , , Ive, .
  • URL. , No New Warnings.


+3


, , , . , Coverity - , NULL- , , .

, ​​, preFAST/preFIX - , Microsoft, . , , . , - , (-), .


+2


. Parasoft ++ Test, .

+1


Static Analysis , , . Coverity , , . Coverity Software Development Kit C ++, . concurrency, . "

http://www.coverity.com/products/static-analysis.html

+1

Coverity . , 100 , , .


Thirdly, if your code base is large (and whose isn't), subdivide it into components so that each team or group of developers looks only at the code they directly support. This both gives more manageable pieces of work and lets you set priorities per component (defects in server code are more critical than defects in client code, test code, third-party code, etc.).
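One concrete way to combine the "no new warnings" idea from the first answer with the per-component prioritisation in this one is a baseline-and-ratchet gate: record the findings you already have, fail a build only on findings that are new, and rank the new ones by checker severity and by the component they land in. The script below is an added example, not code from any answer on this page or from Coverity; the finding schema (checker, file, function, message, line), the component map, the "dangerous" checker set and the sample findings are all constructed for illustration.

```python
"""Baseline-and-ratchet triage for static analyzer findings (added example)."""
import hashlib
import re
from collections import Counter

# Constructed sample findings. The field names are an assumption for this
# example, not the analyzer's real export schema.
BASELINE = [
    {"checker": "RESOURCE_LEAK", "file": "src/server/conn.c", "function": "open_conn",
     "message": "Variable fd going out of scope leaks the handle.", "line": 120},
    {"checker": "NULL_RETURNS", "file": "src/client/ui.c", "function": "draw",
     "message": "Dereferencing a pointer that might be NULL.", "line": 44},
    {"checker": "UNINIT", "file": "third_party/zlib/inflate.c", "function": "inflate",
     "message": "Using uninitialized value state.", "line": 900},
]
CURRENT = [
    # Same defect as in the baseline, but the code moved down 5 lines:
    # must NOT be reported as new.
    {"checker": "RESOURCE_LEAK", "file": "src/server/conn.c", "function": "open_conn",
     "message": "Variable fd going out of scope leaks the handle.", "line": 125},
    {"checker": "UNINIT", "file": "third_party/zlib/inflate.c", "function": "inflate",
     "message": "Using uninitialized value state.", "line": 900},
    # Genuinely new, dangerous checker, server code: should block the build.
    {"checker": "NULL_RETURNS", "file": "src/server/auth.c", "function": "check_token",
     "message": "Dereferencing a pointer that might be NULL.", "line": 77},
    # Genuinely new, low-severity checker, test code: reported but not blocking.
    {"checker": "UNUSED_VALUE", "file": "tests/test_auth.c", "function": "main",
     "message": "Assigned value is never used.", "line": 12},
]

# Component map (assumed layout): path prefix, name, rank (lower = more critical).
COMPONENTS = [
    ("src/server/", "server", 0),
    ("src/client/", "client", 1),
    ("tests/", "test", 2),
    ("third_party/", "third_party", 3),
]
# Checkers the team decided to treat as dangerous (assumed list).
DANGEROUS_CHECKERS = {"NULL_RETURNS", "RESOURCE_LEAK", "UNINIT"}
# Components whose dangerous findings block the build.
BLOCKING_COMPONENTS = {"server", "client"}


def fingerprint(finding):
    """Stable identity for a finding. Line numbers are deliberately left out
    so that unrelated edits above a defect do not make it look new; numbers
    inside the message are masked for the same reason."""
    msg = re.sub(r"\d+", "#", finding["message"].strip().lower())
    key = "|".join([finding["checker"], finding["file"], finding["function"], msg])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def component_of(path):
    """Map a file path to (component name, rank); unknown paths rank last."""
    for prefix, name, rank in COMPONENTS:
        if path.startswith(prefix):
            return name, rank
    return "other", len(COMPONENTS)


def new_findings(baseline, current):
    """Findings in `current` whose fingerprint is absent from the baseline."""
    seen = {fingerprint(f) for f in baseline}
    return [f for f in current if fingerprint(f) not in seen]


def prioritize(findings):
    """Dangerous checkers first, then by component rank, then by location."""
    return sorted(findings, key=lambda f: (
        f["checker"] not in DANGEROUS_CHECKERS,
        component_of(f["file"])[1], f["file"], f["line"]))


def is_blocking(finding):
    name, _ = component_of(finding["file"])
    return finding["checker"] in DANGEROUS_CHECKERS and name in BLOCKING_COMPONENTS


def gate(baseline, current):
    """Ratchet: the build passes unless a *new* blocking finding appeared.
    The backlog in the baseline is left for planned cleanup, not for CI."""
    fresh = prioritize(new_findings(baseline, current))
    blocking = [f for f in fresh if is_blocking(f)]
    per_component = Counter(component_of(f["file"])[0] for f in current)
    return {"ok": not blocking, "new": fresh, "blocking": blocking,
            "by_component": dict(per_component)}


if __name__ == "__main__":
    result = gate(BASELINE, CURRENT)
    print("build ok:", result["ok"])
    for f in result["new"]:
        flag = "BLOCK" if is_blocking(f) else "info "
        print(f"{flag} {f['checker']:14} {f['file']}:{f['line']} ({component_of(f['file'])[0]})")
    print("open findings per component:", result["by_component"])
```

In practice the baseline is the analyzer's full export committed once, the gate runs on every build, and the baseline is shrunk component by component as teams clear their own backlog; the fingerprint should be regenerated whenever a file is renamed, otherwise every finding in it reappears as new.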

0

Source: https://habr.com/ru/post/1728586/
