Coverity Open Source Defect Scan of OpenOffice

Coverity Open Source Defect Scan of OpenOffice

Ben Chelf
Hello OpenOffice Developers,

   As some of you may have heard, last month Coverity set up
http://scan.coverity.com as a site dedicated to scanning open source
projects for defects. In just 1 month, over 4500 defects have been
examined by various open source developers, and from what we can tell,
it seems that there have been over 2500 patches to the scanned code
bases! Due to popular request, I’m happy to announce that we’ve added
OpenOffice to the list of projects scanned on the site. For those of you
not familiar with "scan" yet and by way of introduction ...

   I'm the CTO of Coverity, Inc., a company that has technology that
performs static source code analysis to look for defects in code. You
may have heard of us or of our technology from its days at Stanford (the
"Stanford Checker"). The reason I'm writing is because we have set up a
framework internally to continually scan open source projects and
provide the results of our analysis back to the developers of those
projects. To see the results of the project, check out:

http://scan.coverity.com

   My belief is that we (Coverity) must reach out to the developers of
these packages (you) in order to make progress in actually fixing the
defects that we happen to find, so this is my first step in that
mission. Of course, I think Coverity technology is great, but I want to
hear what you think and that's why I worked with folks at Coverity to
put this infrastructure in place. The process is simple -- it checks out
your code each night from your repository and scans it so you can always
see the latest results.

   Right now, we're guarding access to the actual defects that we report
for a couple of reasons: (1) We think that you, as developers of
OpenOffice, should have the chance to look at the defects we find to
patch them before random other folks get to see what we found and (2)
From a support perspective, we want to make sure that we have the
appropriate time to engage with those who want to use the results to fix
the code. Because of this second point, I'd ask that if you are
interested in really digging into the results a bit further for your
project, please have a couple of core maintainers and/or developers
reach out to us to request access. As this is a new process for us and
still involves a small number of packages, I want to make sure that I
personally can be involved with the activity that is generated from this
effort.

   So I'm basically asking for people who want to play around with some
cool new technology to help make source code better. If this interests
you, please feel free to register on our site or email me directly. And
of course, if there are other packages you care about that aren't
currently on the list, I want to know about those too.

   If this is the wrong list, my sincerest apologies and please let me
know where would be a more appropriate forum for this type of message.

Many thanks for reading this far...

-ben

  Ben Chelf
  Chief Technology Officer
  Coverity, Inc.

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Coverity Open Source Defect Scan of OpenOffice

Pavel Janík
   From: Ben Chelf <[hidden email]>
   Date: Wed, 05 Apr 2006 19:44:02 -0700

Hello,

   > Hello OpenOffice Developers,

our project is named OpenOffice.org. Please use the correct name to refer
to our project.

   > To see the results of the project, check out:
   >
   > http://scan.coverity.com

I checked the site and I can't see any results there. Can you show us one
example of such a defect? Where can we download them all in one file?

   > put this infrastructure in place. The process is simple -- it checks
   > out your code each night from your repository and scans it so you can
   > always see the latest results.

That is great - so in which form do you plan to provide the results to us?

   >   So I'm basically asking for people who want to play around with some
   > cool new technology to help make source code better.

Good. I'm interested in making source code better - where can I download it
so I can run it on my system and view the results of running it over
OpenOffice.org source code without restrictions?
--
Pavel Janík

The name of the command, woman, is an acronym for "w/o (without) man,"
since it doesn't use the man program."
                  -- An unknown author in GNU Emacs manual


Re: Coverity Open Source Defect Scan of OpenOffice

Martin Hollmichel - Sun Germany - ham02 - Hamburg
In reply to this post by Ben Chelf
Hi Ben,

thank you for giving us this opportunity. I took the chance and did a
quick review of the results:

There were about 665 reports for OpenOffice.org; this includes third-party
software that OpenOffice.org is using and has included in the source.
There were reports for this software:
Python: 85
berkeleydb: 79
icu: 217
libxml2: 90
freetype: 20
STLport: 9
nas: 91
Sablot: 9
plus some others.

This will leave about 40 issues for the OpenOffice.org code basis. I will
take a deeper look into the remaining issues with the developers and
will give more feedback in the next days,

Martin


Re: Coverity Open Source Defect Scan of OpenOffice

Jörg Wartenberg
Hi Martin,

> There were about 665 reports for OpenOffice.org; this includes third-party
> software that OpenOffice.org is using and has included in the source.
> There were reports for this software:
> Python: 85
> berkeleydb: 79
> icu: 217
> libxml2: 90
> freetype: 20
> STLport: 9
> nas: 91
> Sablot: 9
> plus some others.

Did you forward the reports to these projects? As a user, I just see that
OOo crashes, it's irrelevant for the user which project is responsible
for the crash...

According to http://scan.coverity.com , only the Python project is in
the scan too. Python has already fixed most of its bugs.

>
> This will leave about 40 issues for the OpenOffice.org code basis. I
> will take a deeper look into the remaining issues with the developers
> and will give more feedback in the next days,
I think this is a quite good number for such a big project!

Regards Jörg Wartenberg


Re: Coverity Open Source Defect Scan of OpenOffice

Henrik Sundberg
In reply to this post by Pavel Janík
2006/4/6, Pavel Janík <[hidden email]>:
>    > To see the results of the project, check out:
>    >
>    > http://scan.coverity.com
>
> I checked the site and I can't see any results there. Can you show us one
> example of such defect? Where can we download them all in one file?

I pressed the "register" link and was asked to fill in this form:
- To get access to the OpenOffice report please supply your:
- Full Name:
- Email:
- Phone Number:
- Your association with the project and purpose of access:

I found no privacy policy. And no other information about how Coverity
will use my data. Like Pavel, I would like to see the reports, but not
under these circumstances.

/$


Re: Coverity Open Source Defect Scan of OpenOffice

Caolán McNamara
In reply to this post by Martin Hollmichel - Sun Germany - ham02 - Hamburg
On Fri, 2006-04-07 at 12:14 +0200, Martin Hollmichel wrote:
> This will leave about 40 issues for the OpenOffice.org code basis. I
> will
> take a deeper look into the remaining issues with the developers and
> will give more feedback in the next days,

Any progress on this? Is there any worth to the rest of us getting
involved, or will we just get in each other's way?

C.


Re: Coverity Open Source Defect Scan of OpenOffice

Jan Holesovsky
On Wednesday 26 April 2006 15:24, Caolan McNamara wrote:
> On Fri, 2006-04-07 at 12:14 +0200, Martin Hollmichel wrote:
> > This will leave about 40 issues for the OpenOffice.org code basis. I
> > will
> > take a deeper look into the remaining issues with the developers and
> > will give more feedback in the next days,
>
> Any progress on this? Is there any worth to the rest of us getting
> involved, or will we just get in each other's way?

I think we won't get in each other's way as long as we add a reference to the
IssueZilla bug in the Coverity system; I did that for the bug with CID: 358 (in IZ
as http://www.openoffice.org/issues/show_bug.cgi?id=64789).

Regards,
Jan
