OSNews:

OSNews: http://www.osnews.com/story/19780/Coverity_Open_Source_Code_Quality_Up_by_16_Percent Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Mon, 06 Jul 2009 03:38:29 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Difference from Lint? http://osnews.com/thread?315275 http://osnews.com/thread?315275 How does this tool differ from good old Lint that's available for C/C++?

From the little details I can gain from that website, it appears to be little more than a Lint-like tool. If that is the case, I do not see the point as there are hundreds of such programs around. See http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis for a list. Thu, 22 May 2008 19:27:00 GMT donotreply@osnews.com (evangs) Comments RE: Difference from Lint? http://osnews.com/thread?315277 http://osnews.com/thread?315277

How does this tool differ from good old Lint that's available for C/C++?

First, this tool is not only for C/C++. And they're actively monitoring open source projects for defects, which is a good thing.

Anyways, you question is not much different from "Why do we need new editors while we have good old Vi?" (Actually vi question is more serious). Thu, 22 May 2008 20:20:00 GMT donotreply@osnews.com (sukru) Comments RE[2]: Difference from Lint? http://osnews.com/thread?315292 http://osnews.com/thread?315292 Why do we even need new news articles? The old ones are perfectly fine by me. Thu, 22 May 2008 22:22:00 GMT donotreply@osnews.com (unavowed) Comments coverity and open source http://osnews.com/thread?315295 http://osnews.com/thread?315295 I'm hoping we will see Haiku, syllable, reactos and other open source OS's on the coverity scan. Thu, 22 May 2008 22:50:00 GMT donotreply@osnews.com (ari-free) Comments RE: Difference from Lint? http://osnews.com/thread?315310 http://osnews.com/thread?315310 Coverity is vastly superior to any other static analysis tool on the market. It does inter-procedural analysis (following semantic paths across function and library calls), incremental analysis (only scans paths that changed since the last scan), concurrency checking, locking consistency, enforcement of arbitrary coding standards, and much more.

My favorite aspect of Coverity is the web-based interface that combines a syntax-highlighted, hyperlinked source browser with a step-by-step trace of the path leading to the selected defect inlined right into the code. As someone who has previously worked on integrating far less user-friendly static analysis tools into commercial development projects, Coverity is a thing of beauty.Edited 2008-05-23 01:11 UTC Fri, 23 May 2008 01:10:00 GMT donotreply@osnews.com (butters) Comments RE: coverity and open source http://osnews.com/thread?315313 http://osnews.com/thread?315313 Coverity offers the use of their (full-featured) tool free-of-charge to any open-source project on the condition that any bugs they find include an attribution (i.e. "Found using Coverity") in their bug tracker.

It's a pretty sweet deal, since Coverity can easily cost over $1 million USD for proprietary projects, depending on the size of the codebase. All that open-source projects have to do is take advantage of this mutually-beneficial arrangement. There's no reason not to! Fri, 23 May 2008 01:22:00 GMT donotreply@osnews.com (butters) Comments RE[2]: coverity and open source http://osnews.com/thread?315319 http://osnews.com/thread?315319 for example see for firefox:
https://bugzilla.mozilla.org/buglist.cgi?query_format=advanced&s... Fri, 23 May 2008 02:16:00 GMT donotreply@osnews.com (ari-free) Comments Comment by ari-free http://osnews.com/thread?315320 http://osnews.com/thread?315320 coverity is another reason why the OS's mentioned in the other post should be open sourced Fri, 23 May 2008 02:20:00 GMT donotreply@osnews.com (ari-free) Comments RE[2]: Difference from Lint? http://osnews.com/thread?315334 http://osnews.com/thread?315334

...concurrency checking, locking consistency...

Thank you for that informative post. It's a shame that I can't mod you up after posting

If it does concurrency checking and locking consistency, that's a very useful feature in my book. Fri, 23 May 2008 05:54:00 GMT donotreply@osnews.com (evangs) Comments Were's the beef? http://osnews.com/thread?315354 http://osnews.com/thread?315354 So far everyone has commented on everything but the point of the article. Open source software is getting better.Edited 2008-05-23 10:10 UTC Fri, 23 May 2008 10:10:00 GMT donotreply@osnews.com (bolomkxxviii) Comments RE: Were's the beef? - inevitability http://osnews.com/thread?315371 http://osnews.com/thread?315371 FOSS improving through evolution is inevitable so the only thing too comment on is everything else.

I couldn't resist. Seriously though, I'm glad too see government funding going into FOSS so publicly. The comparison to previous audits shows improvement and all found bugs are reported back directly driving improvement; what's not to like? Fri, 23 May 2008 12:54:00 GMT donotreply@osnews.com (jabbotts) Comments RE: Were's the beef? http://osnews.com/thread?315419 http://osnews.com/thread?315419 Not much to say. Generally all software is improving. Without knowing the /difference/ in rate of improvement all we can say is "Well good." Fri, 23 May 2008 17:07:00 GMT donotreply@osnews.com (sorpigal) Comments RE[2]: coverity and open source http://osnews.com/thread?315469 http://osnews.com/thread?315469 I worked on an open-source project used extensively in the systems biology field. (Several major international research institutions are involved in its development.) I called Coverity and asked them if we could use their program for our project. They said they only allow a limited number of open-source projects to use their program for free. Fri, 23 May 2008 23:06:00 GMT donotreply@osnews.com (samad) Comments RE[3]: coverity and open source http://osnews.com/thread?315529 http://osnews.com/thread?315529 Hello Samad,

I was sent a copy of your comment. I would like to know when you called Coverity, and which department, or who you spoke to, if you still have that information.

We don't have a set limit on the number of projects included in the Scan, so either your call was before some of the project was planned out, or I need to do some internal communication to prevent an incorrect message like 'a limited number of projects' from being repeated again.

There are limited resources of course, since we don't have an infinite number of build machines, but I've never turned a project away because of how many projects we have in the Scan already.

There is a backlog of requests for adding new projects, but to get in the queue, submit your project to scan-admin@coverity.com, if you have not done so already. I don't know the name of your project, so I can't proactively check the queue before sending this reply. Sat, 24 May 2008 17:11:00 GMT donotreply@osnews.com (david_maxwell) Comments