[Qgis-developer] QGIS and Coverity scans

Hugo Mercier hugo.mercier at oslandia.com
Wed Feb 11 05:04:56 PST 2015 

Hi,

These are great news, thanks !

I am curious about Coverity. AFAIK, the static analyzer is not open
source, right ? So this works as long as they offer if freely for open
source projects.

What would be very good is to call static analyzers during the build
/testing process (as an option). Has somebody experiences with such
things ? CLang static analyzer ? Valgrind (not static) ? It would be
nice to have these run before each pull request.

What would be also interesting after this coverity pass, is to have a
"QGIS developer guideline" that show frequent mistakes to avoid (beware
of classes with states, use smart pointers, enforce constness, etc.)

Le 11/02/2015 12:47, G. Allegri a écrit :
> That's a great thing Nyall. 
> It proves QGIS is an industry level product from the side of code quality!
> Thanks from me and Gis3W.
> 
> giovanni
> 
> 2015-02-11 12:29 GMT+01:00 Nathan Woodrow <madmanwoo at gmail.com
> <mailto:madmanwoo at gmail.com>>:
> 
>     > Thanks to Jürgen and Martin's assistance 
> 
>     And yours of course. This is some great stabilization to the product. 
> 
>     - Natahn 
> 
>     On Wed Feb 11 2015 at 9:13:32 PM Nyall Dawson
>     <nyall.dawson at gmail.com <mailto:nyall.dawson at gmail.com>> wrote:
> 
>         Hi all,
> 
>         If you've been following recent git commits, you'll have noticed
>         a lot
>         of "Coverity" related commits, and may be wondering what these
>         are all
>         about.
> 
>         Coverity Scan ( https://scan.coverity.com/ ) is a powerful automated
>         static code analyser which is able to detect a large number of code
>         errors, such as memory leaks and potential crashes, and even things
>         like accidental copy/paste errors. It's a well respected service and
>         fortunately offers free testing of open source projects (it's quite
>         expensive for commercial software).
> 
>         When we first ran Coverity over the QGIS codebase about 2 weeks
>         ago it
>         picked up just over 1000 potential issues, with a defect density of
>         about 1 error per 1000 lines of code. Apparently the standard for
>         "good" software is a defect density of 1. For comparison, python
>         sits
>         at 0.08, and the Linux kernel at 0.53. Libreoffice's latest release
>         hit 0.02, and they used this as a big highlight of their press
>         release
>         [1].
> 
>         Thanks to Jürgen and Martin's assistance we're now down to a defect
>         density of 0.26. I'm hoping that with a bit more work we can smash
>         this down even further and possibly even reach the coveted "Coverity
>         Clean" status [2] for 2.8. In any case this is a great demonstration
>         that we are serious about code quality and stable releases, and is a
>         good selling point for our first LTS release (alongside the
>         expanding
>         test suite and Travis CI testing).
> 
>         Unfortunately we can't automate submission to Coverity via Travis
>         builds due to the compilation time required to build QGIS using
>         Coverity exceeding Travis' limits, so I'm currently manually
>         submitting builds to Coverity on a semi-regular schedule.
> 
>         The full Coverity defect reports are available by invitation
>         only. If
>         you're a developer and want to view them, let me know and I'll
>         add you
>         to the group.
> 
>         Nyall
> 
> 
>         [1]
>         http://blog.__documentfoundation.org/2015/__01/29/libreoffice-4-4-the-__most-beautiful-libreoffice-__ever/
>         <http://blog.documentfoundation.org/2015/01/29/libreoffice-4-4-the-most-beautiful-libreoffice-ever/>
>         [2] Why is this important? well... I really want to beat MapInfo
>         there! http://www.pb.com/pbs-voc/__product-improvements.shtml
>         <http://www.pb.com/pbs-voc/product-improvements.shtml>
>         _________________________________________________
>         Qgis-developer mailing list
>         Qgis-developer at lists.osgeo.org
>         <mailto:Qgis-developer at lists.osgeo.org>
>         http://lists.osgeo.org/__mailman/listinfo/qgis-__developer
>         <http://lists.osgeo.org/mailman/listinfo/qgis-developer>
> 
> 
>     _______________________________________________
>     Qgis-developer mailing list
>     Qgis-developer at lists.osgeo.org <mailto:Qgis-developer at lists.osgeo.org>
>     http://lists.osgeo.org/mailman/listinfo/qgis-developer
> 
> 
> 
> 
> -- 
> Giovanni Allegri
> http://about.me/giovanniallegri
> Twitter: https://twitter.com/_giohappy_
> blog: http://blog.spaziogis.it
> GEO+ geomatica in Italia http://bit.ly/GEOplus
> 
> 
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/qgis-developer
>

More information about the Qgis-developer mailing list