> Last year I had been doing the Coverity scans on an almost daily basis
> for 2-3 months. Now that we're a year in, I'd like to share some
> results, and show some of the more common trends and bug patterns that
> seem to pop up.
>
> [ spoiler: For the most part, it's all pretty positive, but we still suck ]
>
> It would also be good to have some more discussion about other tools
> we could be making more use of. (Nomination: Dan Carpenter for smatch).

I'm definitely interested. In my workflow, I use sparse/smatch/coccicheck/cppcheck before applying my own work, or patches to the i2c branches. (Oh, and rats and flawfinder, too, but so far, they didn't point to anything worthwhile.)

I am interested in workflows and experiences from other people, how usage of static analyzers could be spread (gcc inclusion sounds great), how to make them more robust, etc...

And by doing that, get a better feeling when an issue left the scope of static code checking and needs some proper handling.

Thanks,

Wolfram