Coverity Open Source Defect Scan of Wine

Thu Apr 6 19:07:55 CDT 2006

Ben Chelf wrote:
> Hello Wine Developers,
>
>   As some of you may have heard, last month Coverity set up 
> http://scan.coverity.com as a site dedicated to scanning open source 
> projects for defects. In just 1 month, over 4500 defects have been 
> examined by various open source developers, and from what we can tell, 
> it seems that there have been over 2500 patches to the scanned code 
> bases! Due to popular request, I’m happy to announce that we’ve added 
> Wine to the list of projects scanned on the site. For those of you not 
> familiar with "scan" yet and by way of introduction ...
>
>   I'm the CTO of Coverity, Inc., a company that has technology that 
> performs static source code analysis to look for defects in code. You 
> may have heard of us or of our technology from its days at Stanford 
> (the "Stanford Checker"). The reason I'm writing is because we have 
> set up a framework internally to continually scan open source projects 
> and provide the results of our analysis back to the developers of 
> those projects. To see the results of the project, check out:
>
> http://scan.coverity.com
>
>   My belief is that we (Coverity) must reach out to the developers of 
> these packages (you) in order to make progress in actually fixing the 
> defects that we happen to find, so this is my first step in that 
> mission. Of course, I think Coverity technology is great, but I want 
> to hear what you think and that's why I worked with folks at Coverity 
> to put this infrastructure in place. The process is simple -- it 
> checks out your code each night from your repository and scans it so 
> you can always see the latest results.
>
>   Right now, we're guarding access to the actual defects that we 
> report for a couple of reasons: (1) We think that you, as developers 
> of Wine, should have the chance to look at the defects we find to 
> patch them before random other folks get to see what we found and (2) 
> From a support perspective, we want to make sure that we have the 
> appropriate time to engage with those who want to use the results to 
> fix the code. Because of this second point, I'd ask that if you are 
> interested in really digging into the results a bit further for your 
> project, please have a couple of core maintainers and/or developers 
> reach out to us to request access. As this is a new process for us and 
> still involves a small number of packages, I want to make sure that I 
> personally can be involved with the activity that is generated from 
> this effort.
>
>   So I'm basically asking for people who want to play around with some 
> cool new technology to help make source code better. If this interests 
> you, please feel free to register on our site or email me directly. 
> And of course, if there are other packages you care about that aren't 
> currently on the list, I want to know about those too.
>
>   If this is the wrong list, my sincerest apologies and please let me 
> know where would be a more appropriate forum for this type of message.
>
> Many thanks for reading this far...
>
> -ben
>
>  Ben Chelf
>  Chief Technology Officer
>  Coverity, Inc.
>
>
>
I would volunteer, but since I'm not one of the core maintainers, I 
think I'd just get laughed at.  So, if any of the core maintainers that 
do volunteer want to pass along some code to someone interested in 
finally learning the internals of the wine code, feel free to forward it 
to me.  I cant guarantee a patch, but I can think like a computer, so my 
code usually comes out pretty much bug free.

Tom