Static code analysis tool for openbmc

Tanous, Ed ed.tanous at intel.com
Fri Mar 15 03:26:10 AEDT 2019


> 
> Is there any plan to use any static code analysis tool in openbmc? I find one
> of the tool which is good and used in multiple opensource projects is
> "coverity".
> 

I'm in full support of getting coverity started.  I had some troubles with performance (the analysis for a single app takes a very long time) and unexpected false positives when I attempted it a while back, and gave up at the time.  One person also did get the Facebook static analyzer, infer, running recently on an OpenBMC project and it seemed to give some results, about 10% of which were actionable, and generated some commits to OpenBMC.  I'm not sure I'd advocate for it, but it's certainly another option.

-Ed


More information about the openbmc mailing list