[jitsi-dev] FindBugs / coverity


#1

Hi guys,

I've started to use FindBugs to squash some bug in libjitsi and ice4j
This is a slow process but i really think it's worth it, as this uncover
some really hard to spot bugs
(bytes conversion bugs for exemple).

I've started to send some PR (
https://github.com/pulls?q=is%3Apr+author%3Achamptar+is%3Aopen)
with the simple fixes, but you should really consider using it, as there is
a lot of remaining bugs, including synchronization bugs.

I've also tested coverity (free for OSS / cloud based service), it's a bit
more work to put in place,
but it has better explanation for bugs than findbugs.
With current jenkins you could add a daily job to submit the code to
coverity.

Regards
Etienne


#2

+1 for static analysis, it has been helpful to me in the past.

A good set of rules comes with SonarQube, which is LGPL, it seems to
give good rankings of bugs (in other words, there probably aren't
hundreds of "critical" bugs reported by the tool).

Jesse

ยทยทยท

On Tue, 2016-04-19 at 11:52 +0200, Etienne Champetier wrote:

Hi guys,

I've started to use FindBugs to squash some bug in libjitsi and ice4j

This is a slow process but i really think it's worth it, as this
uncover some really hard to spot bugs

(bytes conversion bugs for exemple).

I've started to send some PR (https://github.com/pulls?q=is%3Apr
+author%3Achamptar+is%3Aopen)

with the simple fixes, but you should really consider using it, as
there is a lot of remaining bugs, including synchronization bugs.

I've also tested coverity (free for OSS / cloud based service), it's a
bit more work to put in place,

but it has better explanation for bugs than findbugs.
With current jenkins you could add a daily job to submit the code to
coverity.

Regards

Etienne

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev