On 3/7/06, Ben Chelf
Putting on my idealistic hat and remembering back my grad school days, I think we're on to something very new in the world of source code analysis. I really just want every developer to use source code analysis while they write code (remember, idealistic :)). We got a lot of the good publicity in the research lab because there existed this big open source OS that we could test our theories on. So from that angle, I think it makes sense for Coverity to have a strong relationship with the open source community since that community has been helping us pretty much since day 1. This project is just the next step in that...it's certainly not the last.
There's plenty more to do to target every developer.
Well, as long as we're talking idealistically, I wonder how easy it would be
to add reference-counting tracking to Coverity Prevent. Python, Perl and (I
believe) PHP all have their own kind of refcounting, but the base semantics
are pretty much the same: a function can return a new or a borrowed
reference, and it can borrow or steal references passed to it. Without
having seen how Prevent works, it feels to me like it would be a small
addition to keep track of these application-specific details. Or, perhaps
more generic, add a few markers to keep track of them; in Python, you'd only
have to mark Py_INCREF and Py_DECREF, and possibly manual fidgeting with an
objects' refcount (which is hopefully extremely rare.)
I say 'idealistically', though, because I don't know how much business sense
it makes to cater to refcounting mechanisms.
--
Thomas Wouters