perl.perl5.porters | Postings from April 2014

FYI: upcoming Coverity-induced fixes

From: Jarkko Hietaniemi
Date: April 21, 2014 21:34
Subject: FYI: upcoming Coverity-induced fixes
Message ID: 53558ECD.2080501@iki.fi

Background: I was recently email-pinged by Coverity support team about 
what extra support we would need for "your ongoing project".  After a 
moment of head-scratching I realized that they must be talking about 
perl5 Coverity set-up which was used for a while aeons (well, some 
years) ago.

I asked rjbs about it but it seems that there was currently no active 
effort on that front.  Well, I fixed that...  I set up 'perl5' Coverity 
open source project, uploaded blead snapshot as of 90ab41, and started 
the analysis.

The result: 31 "high impact" issues, and about 290 more (medium and 
low).  I've gone through the high impact ones, and so far maybe one 
third are worth a patch, one third were false positives (some of which 
can be annotated as such to Coverity), the last third indicate cases 
where Coverity could possibly be taught to understand Perl code better 
(that is, shut up about certain things we tend to do).

If other people want to take a look at the issues, I *think* all they 
need to do is to create a Coverity account (https://scan.coverity.com/) 
and then join the 'perl5' project which I created; I will approve the joins.

Many of the reported issues (especially in the "low" end) may be false 
alarms.  Though... my standard response for "this static checking tool 
got this wrong, therefore it sucks and I won't be using it" is "if your 
code is messy enough for a static checker to get it wrong, it may be 
time to clean up your code".

I will be sending out the fixes I think are immediately fixable.







