Re: Coverity Scan for GNUstep?
From: Fred Kiefer
Subject: Re: Coverity Scan for GNUstep?
Date: Mon, 29 Jan 2018 09:28:33 +0100
> On 29.01.2018 at 09:20, Richard Frith-Macdonald <address@hidden> wrote:
>
>
>
>> On 22 Jan 2018, at 22:23, Fred Kiefer <address@hidden> wrote:
>>
>>
>> In the meantime my connection with GNUstep has been confirmed and I was able
>> to look at the found issues. Many of them are false positives mostly caused
>> by Coverity expecting normal program continuation after NSException raise.
>> Even so it did detect a few potential issues in base. I flagged some of the
>> false positives so the more interesting bits are left over for somebody to
>> look at. Especially the „time of check, time of use“ issues should be looked
>> at.
>
> I think the few outstanding defects are all addressed now.
> Looking at a link from the Coverity report I found this:
>
> Open Source Defect Density
>
> GNUstep base: 999,026 lines of code and 0.01 defect density
>
> Open Source Defect Density By Project Size
>
> Line of Code (LOC)       Defect Density
> Less than 100,000        0.35
> 100,000 to 499,999       0.5
> 500,000 to 1 million     0.7
> More than 1 million      0.65
> Note: Defect density is measured by the number of defects per 1,000 lines of
> code, identified by the Coverity platform. The numbers shown above are from
> our 2013 Coverity Scan Report, which analyzed 250 million lines of open
> source code.
>
> While it would have been better if it hadn't found any defects, it's still
> nice to see that our defect density is about a 70th of their normal finding
> (presumably those ratings are mean values for projects in the four size
> categories).
There is a problem with these numbers. Coverity did only analyse about one
third of the Objective-C files in GNUstep base and most likely only the smaller
files. Coverity at the moment has issues with Objective-C protocols and only
works with files where there are no references to any. That means we don’t know
how many of the 1 million lines were actually checked for defects. The number
0.01 is basically meaningless :-)
Fred