On 05/31/2013 11:22 PM, Stephan Herrmann wrote:

From a brief look at the types of issues found by Coverity Scan
there seems to be significant overlap with similar capabilities by
JDT.
OTOH, I have the feeling that most projects only use a fraction of
JDT's capabilities, for fear of being overwhelmed by too many
warnings.

That's right, JDT is a great tool when it comes to static analysis
in the IDE. Coverity (or Sonar) would delegate this analysis to
build time, allowing reports, trends and a global view on the
project quality metrics and hotspots. JDT doesn't do that.
Also, I feel most people keep the default PDE settings in their
workspace, and that these default settings are actually quite weak.
So the power of PDE for static analysis is hidden because of those
default settings.

If any projects consider the offer from Coverity attractive, it
would be interesting to hear - from a JDT p.o.v. - what are their
expectations.

I think the idea is to get an overview of the quality. See for
example what Sonar gives:
https://dev.eclipse.org/sonar/dashboard/index/1
You'll see the same errors as you can see with PDE and FindBugs
plugins in your workspace in the context of a file edition, but you
have a dedicated view on the quality metrics, that may allow you to
see how much technical debt your project has and what are its
weaknesses.