[Geany-Devel] using Coverity to audit the code base

Liviu Andronic landronimirc at xxxxx
Thu Feb 12 21:21:21 UTC 2015


Dear all,
Recently I've discovered Coverity, a code checking tool, and went
ahead and submitted the Geany code for static analysis by this
service:
https://scan.coverity.com/projects/1388

Coverity has uncovered ~55 implementation defects in the code
base, with 25 or so of high severity (memory corruption, resource
leaks, etc.). To view the defects, you need to connect with your GitHub
account (or create one with Coverity) and request 'Add me to project'
(which I shall then approve). Coverity provides overall metrics like
defect density (Geany scores an impressive 0.23), but also classifies
uncovered bugs by type and severity, and provides a nice UI trying to
explain to the devels the specifics of the bug and how to address it
(e.g. where it happens, why it's an issue, etc.).

This tool is being used by heavyweights like LibreOffice, the Linux
Kernel, Firefox or Python to improve the robustness of their code
base. I suspect that Coverity could prove invaluable when trying to
hunt down frustrating implementation issues causing obscure bugs.

In any case the identified bugs are now ready for inspection by the
devels, so feel free to drop by!

Regards,
Liviu


-- 
Do you think you know what math is?
http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
Or what it means to be intelligent?
http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
Think again:
http://www.ideasroadshow.com/library

