[Qgis-developer] QGIS and Coverity scans

Nyall Dawson nyall.dawson at gmail.com
Wed Feb 11 03:13:17 PST 2015 

Hi all,

If you've been following recent git commits, you'll have noticed a lot
of "Coverity" related commits, and may be wondering what these are all
about.

Coverity Scan ( https://scan.coverity.com/ ) is a powerful automated
static code analyser which is able to detect a large number of code
errors, such as memory leaks and potential crashes, and even things
like accidental copy/paste errors. It's a well respected service and
fortunately offers free testing of open source projects (it's quite
expensive for commercial software).

When we first ran Coverity over the QGIS codebase about 2 weeks ago it
picked up just over 1000 potential issues, with a defect density of
about 1 error per 1000 lines of code. Apparently the standard for
"good" software is a defect density of 1. For comparison, python sits
at 0.08, and the Linux kernel at 0.53. Libreoffice's latest release
hit 0.02, and they used this as a big highlight of their press release
[1].

Thanks to Jürgen and Martin's assistance we're now down to a defect
density of 0.26. I'm hoping that with a bit more work we can smash
this down even further and possibly even reach the coveted "Coverity
Clean" status [2] for 2.8. In any case this is a great demonstration
that we are serious about code quality and stable releases, and is a
good selling point for our first LTS release (alongside the expanding
test suite and Travis CI testing).

Unfortunately we can't automate submission to Coverity via Travis
builds due to the compilation time required to build QGIS using
Coverity exceeding Travis' limits, so I'm currently manually
submitting builds to Coverity on a semi-regular schedule.

The full Coverity defect reports are available by invitation only. If
you're a developer and want to view them, let me know and I'll add you
to the group.

Nyall


[1] http://blog.documentfoundation.org/2015/01/29/libreoffice-4-4-the-most-beautiful-libreoffice-ever/
[2] Why is this important? well... I really want to beat MapInfo
there! http://www.pb.com/pbs-voc/product-improvements.shtml

More information about the Qgis-developer mailing list