coverity - brad's life — LiveJournal
Brad Fitzpatrick

coverity [Apr. 16th, 2004|06:00 pm]
There's now a commercial entity behind the Stanford Meta-Compilation project (the "Checker"):
http://www.ussg.iu.edu/hypermail/linux/kernel/0404.2/0162.html

And they release for free a database of Linux bugs:
http://linuxbugs.coverity.com

The registration part is lame, but once you do, there's a shitload of bugs. I wonder how many security fixes will come out of this.

Comments:
From: evan
2004-04-16 06:43 pm (UTC)
I don't especially want to register, but: does it look like they're real bugs? A lot of static checkers find "bugs" that are actually just unclear code. (*grumbles something about languages not being powerful enough to express programmer intentions...*)
From: brad
2004-04-16 07:13 pm (UTC)
The ones I looked at all looked real. I was pretty impressed at all the rules and what they were able to catch.