[Geany-Devel] using Coverity to audit the code base

Liviu Andronic landronimirc at xxxxx
Fri Feb 13 12:11:47 UTC 2015


On Fri, Feb 13, 2015 at 1:01 PM, Frank Lanitz <frank at frank.uvena.de> wrote:
> On 2015-02-12 22:21, Liviu Andronic wrote:
>>
>> Dear all,
>> Recently I've discovered Coverity, a code checking tool, and went
>> ahead and submitted the Geany code for static analysis by this
>> service:
>> https://scan.coverity.com/projects/1388
>>
>> Coverity has uncovered ~55 implementation defects in the code
>> base, with 25 or so of high severity (memory corruption, resource
>> leaks, etc.). To view the defects, you need to connect with your GitHub
>> account (or create one with Coverity) and request 'Add me to project'
>> (which I shall then approve). Coverity provides overall metrics like
>> defect density (Geany scores an impressive 0.23), but also classifies
>> uncovered bugs by type and severity, and provides a nice UI trying to
>> explain to the devels the specifics of the bug and how to address it
>> (e.g. where it happens, why it's an issue, etc.)
>>
>> This tool is being used by heavyweights like LibreOffice, the Linux
>> Kernel, Firefox or Python to improve the robustness of their code
>> base. I suspect that Coverity could prove invaluable when trying to
>> hunt down frustrating implementation issues causing obscure bugs.
>>
>> In any case the identified bugs are now ready for inspection by the
>> devels, so feel free to drop by!
>
>
> Any chance to get the info w/o creating an account?
>
Well, not easily. Coverity forces users to sign a user agreement that
would prevent you from creating competitor products using what you've
learned from how their Scan works, or so I've heard. But more
practically, their web-interface allows devels to easily understand
the bugs, where they're located, what needs to be fixed, etc. Of
course I could send you screenshots privately, say, but I don't think
that would be an efficient approach.

And since all our devels have GitHub accounts, it's a breeze to sign
into Coverity using that account...

Regards,
Liviu


> Cheers,
> Frank



-- 
Do you think you know what math is?
http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
Or what it means to be intelligent?
http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
Think again:
http://www.ideasroadshow.com/library

