What does Coverity/clang static analysis actually do?

BCS none at anon.com
Thu Oct 1 23:58:07 PDT 2009


Hello Walter,

>> 3) Rule creation.  The core engine usually generates some digested
>> dataset upon which rules are evaluated.  The systems come with a builtin
>> set that do the sorts of things already talked about.  In addition
>> they come with the ability to develop new rules specific to your
>> application and business needs.  For example:
>> 
>> * tracking of taint from user data
>> * what data is acceptable to log to files (for example NOT
>> credit-cards)
> There have been several proposals for user-defined attributes for
> types, I think that is better than having some external rule file.
> 

For open source and libs, yes. For proprietary code bases, I'd say it's about 
a wash. Having it in another file could make the language/code base easier 
to read and also allow a much more powerful rules language (because it doesn't 
have to fit in the host language). And because only you will be maintaining 
the code, needing another tool (that you already have) and another build 
step isn't much of an issue.




