Linked by Thom Holwerda on Thu 22nd May 2008 18:21 UTC
Coverity has published the 2008 edition of its Open Source Report. The report uses static code analysis on C, C++, and Java source code to determine the quality of the code. These reports are funded by the US Department of Homeland Security and supported by Stanford University, and are part of the US government's Open Source Hardening Project. The report is based on over two years' worth of data from Coverity Scan.
Difference from Lint?
by evangs on Thu 22nd May 2008 19:27 UTC
evangs
Member since:
2005-07-07

How does this tool differ from good old Lint that's available for C/C++?

From the little details I can gain from that website, it appears to be little more than a Lint-like tool. If that is the case, I do not see the point as there are hundreds of such programs around. See http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis for a list.

Reply Score: 2

RE: Difference from Lint?
by sukru on Thu 22nd May 2008 20:20 UTC in reply to "Difference from Lint?"
sukru Member since:
2006-11-19

How does this tool differ from good old Lint that's available for C/C++?
First, this tool is not only for C/C++. And they're actively monitoring open source projects for defects, which is a good thing.

Anyways, your question is not much different from "Why do we need new editors while we have good old Vi?" (Actually the vi question is more serious).

Reply Score: 3

RE[2]: Difference from Lint?
by unavowed on Thu 22nd May 2008 22:22 UTC in reply to "RE: Difference from Lint?"
unavowed Member since:
2006-03-23

Why do we even need new news articles? The old ones are perfectly fine by me.

Reply Score: 6

RE: Difference from Lint?
by butters on Fri 23rd May 2008 01:10 UTC in reply to "Difference from Lint?"
butters Member since:
2005-07-08

Coverity is vastly superior to any other static analysis tool on the market. It does inter-procedural analysis (following semantic paths across function and library calls), incremental analysis (only scans paths that changed since the last scan), concurrency checking, locking consistency, enforcement of arbitrary coding standards, and much more.

My favorite aspect of Coverity is the web-based interface that combines a syntax-highlighted, hyperlinked source browser with a step-by-step trace of the path leading to the selected defect inlined right into the code. As someone who has previously worked on integrating far less user-friendly static analysis tools into commercial development projects, Coverity is a thing of beauty.

Edited 2008-05-23 01:11 UTC

Reply Score: 12
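Added illustration, not code from the page, the report or Coverity: the lock-leak pattern that a locking-consistency checker reports, shown as the defect in update_entry_buggy beside the fix in update_entry_fixed, with a counting lock wrapper that makes the imbalance observable at runtime. validate_entry stands in for a callee in another file, which is why spotting the leak needs inter-procedural analysis; all names here are hypothetical.

```c
#include <stdatomic.h>

/* Constructed example: a minimal spinlock instrumented with a depth counter
 * so that a lock left held on some path can be observed directly. */
static atomic_flag table_lock = ATOMIC_FLAG_INIT;
static int held_depth = 0;   /* how many times the lock is currently held */

static void lock_table(void)
{
    while (atomic_flag_test_and_set(&table_lock)) { /* spin */ }
    held_depth++;
}

static void unlock_table(void)
{
    held_depth--;
    atomic_flag_clear(&table_lock);
}

/* Hypothetical validation step living in another translation unit: the
 * checker must follow this call to learn that a negative value is an error. */
static int validate_entry(int value) { return value < 0 ? -1 : 0; }

/* BEFORE: the early return on validation failure leaves table_lock held. */
int update_entry_buggy(int *slot, int value)
{
    lock_table();
    if (validate_entry(value) != 0)
        return -1;               /* lock leaked on this path */
    *slot = value;
    unlock_table();
    return 0;
}

/* AFTER: every path through the function releases the lock exactly once. */
int update_entry_fixed(int *slot, int value)
{
    int rc = 0;
    lock_table();
    if (validate_entry(value) != 0)
        rc = -1;
    else
        *slot = value;
    unlock_table();
    return rc;
}

/* Run one update and report how many lock levels it left held (0 is correct);
 * any leaked level is released afterwards so the next call cannot deadlock. */
int lock_leaked_after(int (*fn)(int *, int), int value)
{
    int slot = 0, leaked;
    held_depth = 0;
    (void)fn(&slot, value);
    leaked = held_depth;
    while (held_depth > 0)
        unlock_table();
    return leaked;
}
```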

RE[2]: Difference from Lint?
by evangs on Fri 23rd May 2008 05:54 UTC in reply to "RE: Difference from Lint?"
evangs Member since:
2005-07-07

...concurrency checking, locking consistency...
Thank you for that informative post. It's a shame that I can't mod you up after posting ;) If it does concurrency checking and locking consistency, that's a very useful feature in my book.

Reply Score: 3

coverity and open source
by ari-free on Thu 22nd May 2008 22:50 UTC
ari-free
Member since:
2007-01-22

I'm hoping we will see Haiku, Syllable, ReactOS and other open source OS's on the Coverity scan.

Reply Score: 2

RE: coverity and open source
by butters on Fri 23rd May 2008 01:22 UTC in reply to "coverity and open source"
butters Member since:
2005-07-08

Coverity offers the use of their (full-featured) tool free-of-charge to any open-source project on the condition that any bugs they find include an attribution (i.e. "Found using Coverity") in their bug tracker.

It's a pretty sweet deal, since Coverity can easily cost over $1 million USD for proprietary projects, depending on the size of the codebase. All that open-source projects have to do is take advantage of this mutually-beneficial arrangement. There's no reason not to!

Reply Score: 8

RE[2]: coverity and open source
by ari-free on Fri 23rd May 2008 02:16 UTC in reply to "RE: coverity and open source"
ari-free Member since:
2007-01-22
RE[2]: coverity and open source
by samad on Fri 23rd May 2008 23:06 UTC in reply to "RE: coverity and open source"
samad Member since:
2006-03-31

I worked on an open-source project used extensively in the systems biology field. (Several major international research institutions are involved in its development.) I called Coverity and asked them if we could use their program for our project. They said they only allow a limited number of open-source projects to use their program for free.

Reply Score: 2

david_maxwell Member since:
2008-05-24

Hello Samad,

I was sent a copy of your comment. I would like to know when you called Coverity, and which department, or who you spoke to, if you still have that information.

We don't have a set limit on the number of projects included in the Scan, so either your call was before some of the project was planned out, or I need to do some internal communication to prevent an incorrect message like 'a limited number of projects' from being repeated again.

There are limited resources of course, since we don't have an infinite number of build machines, but I've never turned a project away because of how many projects we have in the Scan already.

There is a backlog of requests for adding new projects, but to get in the queue, submit your project to scan-admin@coverity.com, if you have not done so already. I don't know the name of your project, so I can't proactively check the queue before sending this reply.

Reply Score: 4

Comment by ari-free
by ari-free on Fri 23rd May 2008 02:20 UTC
ari-free
Member since:
2007-01-22

Coverity is another reason why the OS's mentioned in the other post should be open sourced.

Reply Score: 2

Where's the beef?
by bolomkxxviii on Fri 23rd May 2008 10:10 UTC
bolomkxxviii
Member since:
2006-05-19

So far everyone has commented on everything but the point of the article. Open source software is getting better.

Edited 2008-05-23 10:10 UTC

Reply Score: 4

RE: Where's the beef? - inevitability
by jabbotts on Fri 23rd May 2008 12:54 UTC in reply to "Were's the beef?"
jabbotts Member since:
2007-09-06

FOSS improving through evolution is inevitable, so the only thing to comment on is everything else. ;)

I couldn't resist. Seriously though, I'm glad to see government funding going into FOSS so publicly. The comparison to previous audits shows improvement and all found bugs are reported back directly, driving improvement; what's not to like?

Reply Score: 3

RE: Where's the beef?
by sorpigal on Fri 23rd May 2008 17:07 UTC in reply to "Where's the beef?"
sorpigal Member since:
2005-11-02

Not much to say. Generally all software is improving. Without knowing the /difference/ in rate of improvement all we can say is "Well good."

Reply Score: 2