From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Neil Conway <neilc(at)samurai(dot)com> |
Cc: | Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Andreas Pflug <pgadmin(at)pse-consulting(dot)de>, ben(at)coverity(dot)com, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Coverity Open Source Defect Scan of PostgreSQL |
Date: | 2006-03-06 20:02:18 |
Message-ID: | 440C954A.10608@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Neil Conway wrote:
>On Mon, 2006-03-06 at 11:55 -0300, Alvaro Herrera wrote:
>
>
>>AFAIR they got a private scan done and they fixed the reported defects.
>>
>>
>
>Indeed: EnterpriseDB paid for a license for the Coverity static analysis
>tool, and then ran that tool on the open-source Postgres tree. One of
>their engineers then worked with me to get a bunch of patches committed
>to fix the issues the tool identified -- e.g.
>
>http://archives.postgresql.org/pgsql-committers/2005-06/msg00428.php
>http://archives.postgresql.org/pgsql-committers/2005-06/msg00314.php
>http://archives.postgresql.org/pgsql-committers/2005-06/msg00315.php
>http://archives.postgresql.org/pgsql-committers/2005-06/msg00298.php
>
>The tool found a few significant bugs, but most of the fixes were
>somewhat cosmetic. (Perhaps one reason for this is that the Stanford
>checker was run on an earlier version of PostgreSQL by some grad
>students at Stanford, who submitted patches / bug reports for the more
>serious issues they found.)
>
>I'm a bit surprised to see that there are ~300 unfixed defects: AFAIR I
>fixed all the issues the EDB guys passed on to me, with the exception of
>some false positives and a handful of minor issues in ECPG that I
>couldn't be bothered fixing (frankly I would rather not touch the ECPG
>code). I've requested access to the Coverity results -- I'll be curious
>to see if we can get any more useful fixes from the tool.
>
>
>
For a short while EDB were pushing their Coverity results up to the
buildfarm server, too. But it didn't last long.
cheers
andrew
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2006-03-06 20:26:57 | Re: [PATCHES] LDAP auth |
Previous Message | Andrew Dunstan | 2006-03-06 20:00:07 | Re: [PATCHES] LDAP auth |