[systemd-devel] Coverity scanning and results

Philippe De Swert philippedeswert at gmail.com
Wed Sep 17 09:00:21 PDT 2014


Hi all,

Just a short update to point out again that I am now making regular
coverity scans of systemd. If you want to check them out go to
http://scan.coverity.com (unfortunately requires an account to join
and see the actual "defects")

Otherwise it seems to have already led to some healthy results. About
30 patches were sent in or made after some issue was pointed out. Thank
you Thomas Andersen, David Herrmann, Andreas Henriksson and whoever I
forgot.

And now some numbers. When I did the first scan last week we had close
to 500 open "defects" and an defect density of 2.5. Now after some
sorting,dismissing false positives, patches, rewrites etc it has dropped
to 1.05. After splitting the tests out systemd core has a defect
density of 0.89, the tests are at 8.12.

Coverity has up until now identified 692 possible defects, 114 where
dismissed (false positives and intentional behaviour) and a whopping 201
got fixed (although a number of those was due to false positives
being eliminated once selinux support was taken into account also).

Most of the low hanging fruit has probably been picked, so I encourage
people with a better knowledge of the code to start looking at the
reports if they feel like it. Still about 300 reports to go through ;)

Regards,

Philippe


More information about the systemd-devel mailing list