
List:       gnuplot-info-beta
Subject:    Re: Coverity scan of gnuplot code
From:       Ethan Merritt <merritt () u ! washington ! edu>
Date:       2008-06-06 20:50:29
Message-ID: 200806061350.29786.merritt () u ! washington ! edu

On Friday 06 June 2008 05:45:06 am Brendan Burns wrote:
> 
> I will be setting up an account for myself as the primary contact for  
> Coverity.
> 
> I have two questions:
> 
> a) Does anyone else want a login?

Sure.  Give them sfeam as a user name, since that's my SourceForge ID.
 
> b) What version of gnuplot do we want Coverity to scan?  The latest  
> stable release?  The latest development release?  The source repository?

There is no such thing as "latest development release", but I could
run off an installable snapshot of the CVS source tree if that's what
they prefer to work from.

Thanks for taking the lead on this.

	Ethan

> Thanks!
> --brendan
> 
> 
> On May 20, 2008, at 5:07 PM, Ethan Merritt wrote:
> 
> > There's a press release from Coverity today:
> > 	http://lwn.net/Articles/283179/
> > saying that they are releasing
> > "2 years of analysis of more than 55 million lines of code on a recurring
> > basis from over 250 popular open source projects with Coverity Prevent™, the
> > industry-leading static source code analysis solution."
> >
> > You may or may not recall that Coverity is a commercial outfit
> > that started life as the "Stanford Checker".  As I understand it, it uses
> > a highly-modified C compiler to examine the code and report flawed code
> > paths, failures of initialization, and so on.  Anyhow, the point is that
> > gnuplot is one of the 250 code bases that they analyzed.  The press release
> > says that
> > "Source code analysis from the Scan site is freely available
> > to qualified open source projects at: http://scan.coverity.com"
> >
> > A quick look at that site doesn't make it obvious what one actually
> > gets as part of the analysis, but I suppose it is worth pursuing.
> > That's a lot of high-powered bug-checking already done for us.
> > But I wonder what version of the code they checked?
> > The site does say that if you work with them to reduce the number
> > of bugs, they will re-run the analysis on a current source tree.
> >
> > Anyone interested in contacting them?
> >
> > -- 
> > Ethan A Merritt
> >
> Hey Folks,
> I contacted Ethan off list and told him I would be interested in  
> following up with Coverity.
> After a couple of weeks, I finally got the following response:
> 
> > We already did an analysis of gnuplot some time ago, and I can put that
> > online quite quickly as soon as the new server is ready, but we'll want
> > to give you an updated build as well.
> >
> > Send me a list of developers who want a login to the database, and I'll
> > get their accounts set up as soon as it's online. If there's a
> > particular person who wants to be the primary contact for us, please let
> > me know who that is as well.
> >
> > Thank You.


