Front page | perl.perl5.porters |
Postings from April 2014
Background: I was recently email-pinged by Coverity support team about what extra support we would need for "your ongoing project". After a moment of head-scratching I realized that they must be talking about perl5 Coverity set-up which was used for a while aeons (well, some years) ago. I asked rjbs about it but it seems that there was currently no active effort on that front. Well, I fixed that... I set up 'perl5' Coverity open source project, uploaded blead snapshot as of 90ab41, and started the analysis. The result: 31 "high impact" issues, and about 290 more (medium and low). I've gone through the high impact ones, and so far maybe one third are worth a patch, one third were false positives (some of which can be annotated as such to Coverity), the last third indicate cases where Coverity could possibly be taught to understand Perl code better (that is, shut up about certain things we tend to do). If other people want to take a look at the issues, I *think* all they need to do is to create a Coverity account (https://scan.coverity.com/) and then join the 'perl5' project which I created, I will approve the joins. Many of the reported issues (especially in the "low" end) may be false alarms. Though... my standard response for "this static checking tool got this wrong, therefore it sucks and I won't be using it" is "if your code is messy enough for a static checker to get it wrong, it may be time to clean up your code". I will be sending out the fixes I think are immediately fixable.Thread Next