[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: verification and linting of lua implementations
- From: Roberto Ierusalimschy <roberto@...>
- Date: Wed, 26 Oct 2011 17:20:26 -0200
> On Tue, Oct 25, 2011 at 7:01 PM, Florian Weimer <email@example.com> wrote:
> > * Thomas Buergel:
> >> Perhaps it might be worth to register Lua for Coverity Scan?
> > So that Coverity claims in a press release that Lua contains 88
> > high-risk defects? I'm not sure if this is such a great idea.
> So we could patch 'em? I, for one, am sure it is.
The main problem is that, for most of these tools, patching real bugs is
not enough. For a program to be "clean", it must include a plethora of
annotations peculiar to each particular tool. (Maybe Coverity Scan
does not require such annotations; that would be great.)