using Coverity to audit the code base

  • From: Liviu Andronic <landronimirc@xxxxxxxxx>
  • To: emelfm2 <emelfm2@xxxxxxxxxxxxx>
  • Date: Sat, 7 Feb 2015 21:13:38 +0100

Hi Tom,
Recently I've discovered Coverity, a code checking tool, and went
ahead and submitted the emelFM2 code for static analysis by this

Coverity has uncovered ~140 implementation defects in the code
base, with 15 or so of high severity (memory corruption, resource
leaks, etc.) To view the defects, you need to connect with your Github
account (or create one with Coverity) and request 'Add me to project'
(which I shall then approve). Coverity provides overall metrics like
defect density (emelFM2 scores 0.83, which is OK), but also classifies
uncovered bugs by type and severity, and provides a nice UI trying to
explain to the devels the specifics of the bug and how to address it
(e.g. where it happens, why it's an issue, etc.)

This tool is being used by heavy-hitters like LibreOffice, Linux
Kernel, Firefox or Python to improve the robustness of their code
base. I suspect that Coverity could prove invaluable when trying to
hunt down frustrating implementation issues causing obscure bugs.

In any case the identified bugs are now ready for inspection by the
devels, so feel free to drop by!


Do you think you know what math is?
Or what it means to be intelligent?
Think again:

Users can unsubscribe from the list by sending email to 
emelfm2-request@xxxxxxxxxxxxx with 'unsubscribe' in the subject field or by 
logging into the web interface.

Other related posts: