On Mon, 2006-03-06 at 11:55 -0300, Alvaro Herrera wrote:
> AFAIR they got a private scan done and they fixed the reported defects.

Indeed: EnterpriseDB paid for a license for the Coverity static analysis tool, and then ran that tool on the open-source Postgres tree. One of their engineers then worked with me to get a bunch of patches committed to fix the issues the tool identified -- e.g.

http://archives.postgresql.org/pgsql-committers/2005-06/msg00428.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00314.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00315.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00298.php

The tool found a few significant bugs, but most of the fixes were somewhat cosmetic. (Perhaps one reason for this is that the Stanford checker was run on an earlier version of PostgreSQL by some grad students at Stanford, who submitted patches / bug reports for the more serious issues they found.)

I'm a bit surprised to see that there are ~300 unfixed defects: AFAIR I fixed all the issues the EDB guys passed on to me, with the exception of some false positives and a handful of minor issues in ECPG that I couldn't be bothered fixing (frankly I would rather not touch the ECPG code). I've requested access to the Coverity results -- I'll be curious to see if we can get any more useful fixes from the tool.

-Neil