Hi Ira Cooper, I have seen the reports of both Coverity and Clang. Clang catches only 60-70 types of bugs, on the other hand Coverty supports 110-120 (most of them are similar bugs) Clang has high ratio of false positives compared to Coverity. Also Coverity is proprietary tool, Even I heard that Coverity gives access to use it twice a week/month for free to our community. But the point here is everybody cannot get access to run. The Idea is not to drop Coverity rather reduce the defect injection in to project by using Clang-Analyzer. Best Regards, Prasanna Kumar K ----- Original Message ----- From: "Ira Cooper" <icooper@xxxxxxxxxx> To: "Prasanna Kalever" <pkalever@xxxxxxxxxx> Cc: gluster-devel@xxxxxxxxxxx Sent: Tuesday, May 26, 2015 10:54:31 PM Subject: Re: Proposal: Using LLVM clang-analyzer in gluster development Prasanna, have you compared the results to the ones we see via coverity? -Ira ----- Original Message ----- > Hi gluster team, > > Proposal: > > Using Clang static analyzer tool for gluster project > > > > About Clang: > > From a very high level view, Clang has two features > > 1. Clang as a compiler > 2. Clang as a code analyzer > > The Idea hear is to use second point i.e Clang as code analyzer and still gcc > will be our default compiler. > > The Clang Static Analyzer is a source code analysis tool that finds bugs in > C, > C++, and Objective-C programs. Given the exact same code base, clang-analyzer > reported ~70 potential issues. clang is an awesome and free tool. > > The reports from clang-analyzer are in HTML and there’s a single file for > each > issue and it generates a nice looking source code with embedded comments > about > which flow that was followed all the way down to the problem. > > > > Why Clang-Analyzer: (Advantages) > > Since its is an open source tool: > > Available to all the developers > > Easy Access, we can run the tool while we compile the code (say $ > scan-build make ) > > No restrictions on Number of Runs per week/day/hour/min .. > > Defects are Identified before submitting a patch, thus very less > chance > of defect injection into project > > > The Html view of clang is very impressive with all the source code including > comments of clang-analyzer, which lead to defect line number directly . > > I have attached a sample clang results for geo-replication module run on > latest 3.7+ glusterfs code, please find them above. > > Thanks for your time. > > Best Regards, > Prasanna Kumar K. > > > _______________________________________________ > Gluster-devel mailing list > Gluster-devel@xxxxxxxxxxx > http://www.gluster.org/mailman/listinfo/gluster-devel > _______________________________________________ Gluster-devel mailing list Gluster-devel@xxxxxxxxxxx http://www.gluster.org/mailman/listinfo/gluster-devel
