This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Software Quality Binutils

From: John Darrington <john at darrington dot wattle dot id dot au>
To: Christoph Hazott <Christoph dot Hazott at live dot de>
Cc: "binutils at sourceware dot org" <binutils at sourceware dot org>
Date: Mon, 13 Aug 2018 21:52:00 +0200
Subject: Re: Software Quality Binutils
References: <AM0PR03MB4212DA83DFCBC1EC6FD74EDC91390@AM0PR03MB4212.eurprd03.prod.outlook.com>

Hi Christoph,

I'm sure that if you identify any particular issues and send 
patches, then they'll be carefully considered by the relevant person.

However I'm equally sure that if you send patches simply because they
shut sonar up then most will be rejected.   Sonar in its default
cofiguration is highly promiscuous - it includes criteria from
committees such as MISRA who in my opionion have failed to grasp many
principles of coding, and their rules achive the opposite of clean
code.


(I formerly worked at Infineon and  I don't think they're in a position
to complain that other people's code is "smelly"!)


J'


On Mon, Aug 13, 2018 at 06:25:38PM +0000, Christoph Hazott wrote:
     Hi,
     
     
     first of all I quickly want to introduce myself. My name is Christoph Hazott, I life in Austria but am originally from Germany. Currently I'm employed at Infineon as Test Development Engineer for RADAR Products and made my MSc. Degree in Embedded Systems Design at the University of Applied Sciences Upper Austria in 2012.
     
     I'm very fond of Free Software but have to say that due to (in my opinion) software entropy with such a high amount of contributors and functionality the tools have become smelly.
     
     
     I sat down now for one day and made a static code analysis of the binutils (because they are the major part of the toolchain). I uploaded the code of version 2.30.90 (last snapshot) to my public GitHub (https://github.com/h4z4rt/binutils) and connected it to sonar. In a virtual machine I executed the scanner with a Linux From Scratch configuration and the results where  uploaded to https://sonarcloud.io/organizations/h4z4rt-github/projects  and can be viewed there.
     
     
     
     The results show 535 Bugs, 804 Vulnerabilities, 8.5k Code Smells and > 11.7% duplications.
     
     
     
     Because of this I would like to contribute to the binutils project by setting up an infrastructure for static code analysis (and further...).
     
     I would be happy if you would liketo have me to contribute to the binutils like this.
     
     
     
     Looking forward to your supply.
     
     
     
     Regards,
     
     
     
     Christoph
     
     
     
     PS: I'm not fixed on any code analysis tools I just used sonar because I personally made the best experience with it.
     
     
     
     
     
     
     
     
     
     
     

-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

Follow-Ups:
- AW: Software Quality Binutils
  - From: Christoph Hazott

References:
- Software Quality Binutils
  - From: Christoph Hazott

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]