[Geany-Devel] using Coverity to audit the code base

2015-02-13 Thread Liviu Andronic
Dear all,
Recently I've discovered Coverity, a code checking tool, and went
ahead and submitted the Geany code for static analysis by this
service:
https://scan.coverity.com/projects/1388

Coverity has uncovered ~55 implementation defects in the code
base, with 25 or so of high severity (memory corruption, resource
leaks, etc.). To view the defects, you need to connect with your GitHub
account (or create one with Coverity) and request 'Add me to project'
(which I shall then approve). Coverity provides overall metrics like
defect density (Geany scores an impressive 0.23), but also classifies
uncovered bugs by type and severity, and provides a nice UI trying to
explain to the devels the specifics of the bug and how to address it
(e.g. where it happens, why it's an issue, etc.)

This tool is being used by heavyweights like LibreOffice, the Linux
Kernel, Firefox or Python to improve the robustness of their code
base. I suspect that Coverity could prove invaluable when trying to
hunt down frustrating implementation issues causing obscure bugs.

In any case the identified bugs are now ready for inspection by the
devels, so feel free to drop by!

Regards,
Liviu


-- 
Do you think you know what math is?
http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
Or what it means to be intelligent?
http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
Think again:
http://www.ideasroadshow.com/library
___
Devel mailing list
Devel@lists.geany.org
https://lists.geany.org/cgi-bin/mailman/listinfo/devel


Re: [Geany-Devel] using Coverity to audit the code base

2015-02-13 Thread Frank Lanitz

On 2015-02-12 22:21, Liviu Andronic wrote:

> Dear all,
> Recently I've discovered Coverity, a code checking tool, and went
> ahead and submitted the Geany code for static analysis by this
> service:
> https://scan.coverity.com/projects/1388
>
> Coverity has uncovered ~55 implementation defects in the code
> base, with 25 or so of high severity (memory corruption, resource
> leaks, etc.). To view the defects, you need to connect with your GitHub
> account (or create one with Coverity) and request 'Add me to project'
> (which I shall then approve). Coverity provides overall metrics like
> defect density (Geany scores an impressive 0.23), but also classifies
> uncovered bugs by type and severity, and provides a nice UI trying to
> explain to the devels the specifics of the bug and how to address it
> (e.g. where it happens, why it's an issue, etc.)
>
> This tool is being used by heavyweights like LibreOffice, the Linux
> Kernel, Firefox or Python to improve the robustness of their code
> base. I suspect that Coverity could prove invaluable when trying to
> hunt down frustrating implementation issues causing obscure bugs.
>
> In any case the identified bugs are now ready for inspection by the
> devels, so feel free to drop by!


Any chance to get the info w/o creating an account?

Cheers,
Frank


Re: [Geany-Devel] using Coverity to audit the code base

2015-02-13 Thread Liviu Andronic
On Fri, Feb 13, 2015 at 1:01 PM, Frank Lanitz <fr...@frank.uvena.de> wrote:
> On 2015-02-12 22:21, Liviu Andronic wrote:
>
> > Dear all,
> > Recently I've discovered Coverity, a code checking tool, and went
> > ahead and submitted the Geany code for static analysis by this
> > service:
> > https://scan.coverity.com/projects/1388
> >
> > Coverity has uncovered ~55 implementation defects in the code
> > base, with 25 or so of high severity (memory corruption, resource
> > leaks, etc.). To view the defects, you need to connect with your GitHub
> > account (or create one with Coverity) and request 'Add me to project'
> > (which I shall then approve). Coverity provides overall metrics like
> > defect density (Geany scores an impressive 0.23), but also classifies
> > uncovered bugs by type and severity, and provides a nice UI trying to
> > explain to the devels the specifics of the bug and how to address it
> > (e.g. where it happens, why it's an issue, etc.)
> >
> > This tool is being used by heavyweights like LibreOffice, the Linux
> > Kernel, Firefox or Python to improve the robustness of their code
> > base. I suspect that Coverity could prove invaluable when trying to
> > hunt down frustrating implementation issues causing obscure bugs.
> >
> > In any case the identified bugs are now ready for inspection by the
> > devels, so feel free to drop by!
>
> Any chance to get the info w/o creating an account?

Well, not easily. Coverity forces users to sign a user agreement that
would prevent you from creating competitor products using what you've
learned from how their Scan works, or so I've heard. But more
practically, their web-interface allows devels to easily understand
the bugs, where they're located, what needs to be fixed, etc. Of
course I could send you screenshots privately, say, but I don't think
that would be an efficient approach.

And since all our devels have GitHub accounts, it's a breeze to sign
into Coverity using that account...

Regards,
Liviu


> Cheers,
> Frank