I just received the Coverity Report on LibreOffice: http://wpcme.coverity.com/wp-content/uploads/2014-Coverity-Scan-Spotlight-LibreOffice.pdf
At a quick glance I saw a couple of items that caught my eye:

1. I found this tidbit interesting, mainly because I wasn't aware of how Clang plugins apparently can be used to fix bad code or help auto-generate code for some situations:

Q: Fixing more than 10,000 defects in approximately two years is a major accomplishment. How was the project able to achieve this?

A: The largest block of our defects, approximately 4000, were uncaught exceptions. For many of these, the problem was that the base classes are generated from idl files into C++ classes where each method by default is allowed to throw just RuntimeException while our implementations tended to throw any number of exceptions inherited from std::exception, typically via boost. My colleague Stephen Bergmann adapted our "codemaker" module to allow these UNO interface functions to throw std::exception and then wrote a Clang plugin to find and rewrite the implementations of those to allow std::exception. That took care of a lot of the noise allowing the remaining problems to be effectively addressed.

In general, the remaining exception problems broke into three categories: a) isolated cases where the exception specification was simply wrong, b) isolated cases where the exception needed to be explicitly caught and dealt with, and c) a handful of low-level places where the exception should have been caught and dealt with locally, but because it wasn't, the infection affected dozens and dozens of dependent methods. In other words, a single fix at the right place would clobber dozens of Coverity warnings in higher levels.

The next largest categories were uninitialized variable in constructors and forward null where we potentially dereferenced NULL pointers. Persistence was the only technique used to resolve these.

2. Are we still running Coverity? They are--once a week:

Q: Have you adjusted your processes to ensure that you continue to maintain this high level of quality?

A: We hope so. We're now running LibreOffice through Coverity approximately once a week, and while we still have historical warnings we need to fix and warnings we need to figure out how to silence, we're now in a place where we have a very short list of perhaps 10-20 new warnings per cycle to investigate as priorities each run.

Cheers!

-Tom

_______________________________________________
BRL-CAD Developer mailing list
brlcad-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/brlcad-devel