[HACKERS] Coverity Open Source Defect Scan of PostgreSQL

2006-03-06 Thread Ben Chelf

Hello PostgreSQL Developers,

  I'm the CTO of Coverity, Inc., a company that does static source code 
analysis to look for defects in code. You may have heard of us or of our 
technology from its days at Stanford (the "Stanford Checker"). The 
reason I'm writing is because we have set up a framework internally to 
continually scan open source projects and provide the results of our 
analysis back to the developers of those projects. PostgreSQL is one of 
the 32 projects currently scanned at:


http://scan.coverity.com

  My belief is that we (Coverity) must reach out to the developers of 
these packages (you) in order to make progress in actually fixing the 
defects that we happen to find, so this is my first step in that 
mission. Of course, I think Coverity technology is great, but I want to 
hear what you think and that's why I worked with folks at Coverity to 
put this infrastructure in place. The process is simple -- it checks out 
your code each night from your repository and scans it so you can always 
see the latest results.


  Right now, we're guarding access to the actual defects that we report 
for a couple of reasons: (1) We think that you, as developers of 
PostgreSQL, should have the chance to look at the defects we find to 
patch them before random other folks get to see what we found and (2) 
From a support perspective, we want to make sure that we have the 
appropriate time to engage with those who want to use the results to fix 
the code. Because of this second point, I'd ask that if you are 
interested in really digging into the results a bit further for your 
project, please have a couple of core maintainers (or group nominated 
individuals) reach out to me to request access. As this is a new process 
for us and still involves a small number of packages, I want to make 
sure that I personally can be involved with the activity that is 
generated from this effort.


  So I'm basically asking for people who want to play around with some 
cool new technology to help make source code better. If this interests 
you, please feel free to reach out to me directly. And of course, if 
there are other packages you care about that aren't currently on the 
list, I want to know about those too.


  If this is the wrong list, my sincerest apologies and please let me 
know where would be a more appropriate forum for this type of message.


Many thanks for reading this far...

-ben

 Ben Chelf
 Chief Technology Officer
 Coverity, Inc.

---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster


Re: [HACKERS] Coverity Open Source Defect Scan of PostgreSQL

2006-03-08 Thread Ben Chelf



Martijn van Oosterhout wrote:

> On Tue, Mar 07, 2006 at 05:39:18PM -0500, Tom Lane wrote:
>
>> Martijn van Oosterhout writes:
>>
>>> #ifdef STATIC_ANALYSIS
>>> #define ereport(elevel, rest)  \
>>>    (errstart(elevel, __FILE__, __LINE__, PG_FUNCNAME_MACRO) ? \
>>>     (errfinish rest) : (void) 0), (elevel >= ERROR ? exit(0) : 0)
>>> #else
>>> /* Normal def */
>>> #endif
>>
>> Hmm, neat idea ... though I wonder whether either gcc or Coverity's tool
>> is smart enough to draw the right conclusions from a conditional exit()
>> call ...

As for Coverity, if the elevel that's passed to the ereport is really a 
constant, the above #ifdef should absolutely do the trick for us so we 
know to stop analyzing on that path... Let me know if it doesn't actually 
do that ;)


-ben
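
The exchange above, as an added example that is not part of the original messages or of PostgreSQL's source: a stand-alone C file showing why a constant-elevel exit() arm lets a checker stop at the ERROR call instead of following a NULL pointer into the dereference. The stubs, the elevel values, struct item and both functions are assumptions made for illustration; the macro follows the quoted proposal but is parenthesized, uses (void) 0 in the else-arm, and uses __func__ in place of PG_FUNCNAME_MACRO.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define WARNING 19   /* constructed values; only their ordering matters */
#define ERROR   20
#define STATIC_ANALYSIS 1

static int reports;  /* reports that got past errstart() */

/* Hypothetical stubs with the call shape the quoted macro expects. */
static int errstart(int elevel, const char *file, int line, const char *func)
{ (void) elevel; (void) file; (void) line; (void) func; return 1; }
static void errfinish(int dummy) { (void) dummy; reports++; }
static int errmsg(const char *msg) { (void) msg; return 0; }

#ifdef STATIC_ANALYSIS
/* With a constant elevel, the second arm folds to exit(0) or to nothing. */
#define ereport(elevel, rest) \
    ((errstart(elevel, __FILE__, __LINE__, __func__) ? \
      (errfinish rest) : (void) 0), \
     ((elevel) >= ERROR ? exit(0) : (void) 0))
#endif

struct item { int len; };

/* Without the exit() arm, a checker sees p == NULL flow into p->len. */
int item_len(const struct item *p)
{
    if (p == NULL)
        ereport(ERROR, (errmsg("null item")));
    else if (p->len < 0)
        ereport(WARNING, (errmsg("negative length")));
    return p->len;
}

/* Run item_len(NULL) in a child: 1 if it exited with status 0, 0 if not. */
int null_path_exits_cleanly(void)
{
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { item_len(NULL); _exit(1); }
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) { printf("%d\n", null_path_exits_cleanly()); return 0; }
```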




Re: [HACKERS] Coverity Open Source Defect Scan of PostgreSQL

2006-03-09 Thread Ben Chelf

On 3/8/06, Josh Berkus wrote:

> Actually, I thought that Neil/eDB did this with their copy.  Is
> there any way to get a copy of that "training configuration"?


Just to jump in on this thread, we can absolutely configure elog -- if 
you have the config already, great. If not, if you can just send me the 
prototype/macro expansion for 'elog' and the constant values that are 
passed in the case where it exits, I'll add that config. Thanks!


-ben
