[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: RE: verification and linting of lua implementations
- From: Thomas Buergel <Thomas.Buergel@...>
- Date: Wed, 26 Oct 2011 07:01:24 +0000
>> Perhaps it might be worth to register Lua for Coverity Scan?
> So that Coverity claims in a press release that Lua contains 88
> high-risk defects? I'm not sure if this is such a great idea.
An Android kernel (which has been quoted to have 88 high-risk defects) has considerably more lines of code. I doubt Lua would get anywhere close to that, purely by statistics. "High-risk defects" include some pieces of code that are not necessarily bugs; a typical example is a sprintf or strcpy (which could lead to buffer overruns). Depending on context, these are high risk, or they are not. The tool gives options to mark them as "intended" or "needs a fix", etc.
Another example is Python (which is in "rung 2" ) that is probably closer to Lua; it lists with 177 defects fixed, 2 verified, 6 not yet inspected.
Besides, if you're interested in finding bugs, why wouldn't you use any tool that is available? Just to prevent someone from noticing that there might actually be some bugs?