On 4 Dec 2014 at 18:30, Hickman, Steve (AdvTech) wrote:
I don't know if there is a policy yet on using static code checkers on the Boost code base as part of the release cycle. Given that the Visual Studio 2012 Analyzer tool I'm using just picked up 3 issues in the 1.57 release (I've posted TRAC items on them already), I suspect not.
The policy is that this is up to each library maintainer. Some do, some don't. Of those that do, coverage is usually fairly restricted to one or two analysers.
I would like to encourage such a policy. Boost is, among other things, about quality. This is a way to enhance quality. For people like me who work in safety critical fields, it is vital. I cannot use Boost libraries if they can't be certified. Static analyzers can help insure quality, which makes it easier to qualify these tools.
There are many tools available. Some, like CppCheck, are open source. Others are built into development environments (aforementioned VS Analyzer, Clang tools, etc.). Further, I suspect that tool vendors could be convinced it would be good PR to have their tools used by Boost, so I suspect even those with paid licenses can be made available for free.
I think you would be surprised at how unfree licences are for free software. Setting this stuff up is not free, including renting the CI testing resources. As I'm on the Boost.Thread maintainence team, I hereby solicit any funding you or anyone else can provide to improve the static testing of Boost.Thread, and to be specific: 1. The renting of a dedicated server for a Jenkins installation on an ongoing basis. 2. The licencing of the installations of Microsoft Windows required and any static testing tools required. 3. The hourly rate, at approximately $150/hour, of someone qualified in CI config to set all this up for Boost.Thread. I should estimate 160 - 200 hours might do it. And then their hourly rate on an ongoing basis to maintain it e.g. security patches and updates. If you or anyone else can supply any or all of this, we on the Boost.Thread team are very interested to hear from you. Niall -- ned Productions Limited Consulting http://www.nedproductions.biz/ http://ie.linkedin.com/in/nialldouglas/