> A) Squid code review practices eliminate nearly all real bugs
> that static analysis can find. Thus, SA is not very helpful.
>
> B) We have already found (the "hard way") and fixed nearly all
> real bugs so static analysis cannot find them until new bugs
> are added. When they are added, SA will be helpful so that we
> do not need to find those bugs the "hard way".
>
> I wonder if it makes sense to test a much earlier version of Squid
> (e.g., 3.1.0 or perhaps even 3.0.1). That way, we can see whether
> Coverity can detect the real bugs that we have found the "hard way" (and
> since fixed)?

I fully agree with your analysis.

-- /kinkie

Received on Wed Oct 24 2012 - 17:11:45 MDT