Re: Coverity Open Source Defect Scan of PostgreSQL - Mailing list pgsql-hackers

From Neil Conway
Subject Re: Coverity Open Source Defect Scan of PostgreSQL
Date
Msg-id 1141667960.6785.19.camel@localhost.localdomain
In response to Re: Coverity Open Source Defect Scan of PostgreSQL  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: Coverity Open Source Defect Scan of PostgreSQL  (Andrew Dunstan <andrew@dunslane.net>)
Re: Coverity Open Source Defect Scan of PostgreSQL  (Alvaro Herrera <alvherre@commandprompt.com>)
Re: Coverity Open Source Defect Scan of PostgreSQL  (Ben Chelf <ben@coverity.com>)
List pgsql-hackers
On Mon, 2006-03-06 at 11:55 -0300, Alvaro Herrera wrote:
> AFAIR they got a private scan done and they fixed the reported defects.

Indeed: EnterpriseDB paid for a license for the Coverity static analysis
tool, and then ran that tool on the open-source Postgres tree. One of
their engineers then worked with me to get a bunch of patches committed
to fix the issues the tool identified -- e.g.

http://archives.postgresql.org/pgsql-committers/2005-06/msg00428.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00314.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00315.php
http://archives.postgresql.org/pgsql-committers/2005-06/msg00298.php

The tool found a few significant bugs, but most of the fixes were
somewhat cosmetic. (Perhaps one reason for this is that the Stanford
checker was run on an earlier version of PostgreSQL by some grad
students at Stanford, who submitted patches / bug reports for the more
serious issues they found.)

I'm a bit surprised to see that there are ~300 unfixed defects: AFAIR I
fixed all the issues the EDB guys passed on to me, with the exception of
some false positives and a handful of minor issues in ECPG that I
couldn't be bothered fixing (frankly I would rather not touch the ECPG
code). I've requested access to the Coverity results -- I'll be curious
to see if we can get any more useful fixes from the tool.

-Neil



