gnustep-dev

Re: Coverity Scan for GNUstep?


From: Fred Kiefer
Subject: Re: Coverity Scan for GNUstep?
Date: Mon, 29 Jan 2018 09:28:33 +0100


> Am 29.01.2018 um 09:20 schrieb Richard Frith-Macdonald <address@hidden>:
> 
>> On 22 Jan 2018, at 22:23, Fred Kiefer <address@hidden> wrote:
>> 
>> In the meantime my connection with GNUstep has been confirmed and I was able 
>> to look at the found issues. Many of them are false positives mostly caused 
>> by Coverity expecting normal program continuation after NSException raise. 
>> Even so it did detect a few potential issues in base. I flagged some of the 
>> false positives so the more interesting bits are left over for somebody to 
>> look at. Especially the „time of check, time of use“ issues should be looked 
>> at. 
> 
> I think the few outstanding defects are all addressed now.
> Looking at a link from the Coverity report I found this:
> 
> Open Source Defect Density
> 
> GNUstep base: 999,026 lines of code and 0.01 defect density
> 
> Open Source Defect Density By Project Size
> 
> Lines of Code (LOC)   Defect Density
> Less than 100,000     0.35
> 100,000 to 499,999    0.5
> 500,000 to 1 million  0.7
> More than 1 million   0.65
> Note: Defect density is measured by the number of defects per 1,000 lines of 
> code, identified by the Coverity platform. The numbers shown above are from 
> our 2013 Coverity Scan Report, which analyzed 250 million lines of open 
> source code.
> 
> While it would have been better if it hadn't found any defects, it's still 
> nice to see that our defect density is about a 70th of their normal finding 
> (presumably those ratings are mean values for projects in the four size 
> categories).

There is a problem with these numbers. Coverity only analysed about one 
third of the Objective-C files in GNUstep base and most likely only the smaller 
files. Coverity at the moment has issues with Objective-C protocols and only 
works with files where there are no references to any. That means we don't know 
how many of the 1 million lines were actually checked for defects. The number 
0.01 is basically meaningless :-)

Fred



