[systemd-devel] Coverity scanning and results

Tom Gundersen teg at jklm.no
Wed Sep 17 09:22:01 PDT 2014


Hi Philippe,

On Wed, Sep 17, 2014 at 6:00 PM, Philippe De Swert
<philippedeswert at gmail.com> wrote:
> Just a short update to point out again that I am now making regular
> coverity scans of systemd. If you want to check them out go to
> http://scan.coverity.com (unfortunately requires an account to join
> and see the actual "defects")
>
> Otherwise it seems to have already led to some healthy results. About
> 30 patches were sent in or made after some issue was pointed out. Thank
> you Thomas Andersen, David Herrmann, Andreas Henriksson and whoever I
> forgot.
>
> And now some numbers. When I did the first scan last week we had close
> to 500 open "defects" and an defect density of 2.5. Now after some
> sorting,dismissing false positives, patches, rewrites etc it has dropped
> to 1.05. After splitting the tests out systemd core has a defect
> density of 0.89, the tests are at 8.12.
>
> Coverity has up until now identified 692 possible defects, 114 where
> dismissed (false positives and intentional behaviour) and a whopping 201
> got fixed (although a number of those was due to false positives
> being eliminated once selinux support was taken into account also).
>
> Most of the low hanging fruit has probably been picked, so I encourage
> people with a better knowledge of the code to start looking at the
> reports if they feel like it. Still about 300 reports to go through ;)

Thanks for getting this started! I just signed up to try to help out.

Cheers,

Tom


More information about the systemd-devel mailing list