[webkit-dev] Pre-proposal: Adding a Coverity instance for WebKIt

Eric Seidel eric at webkit.org
Mon Sep 17 16:46:28 PDT 2012


On Mon, Sep 17, 2012 at 6:35 PM, Benjamin Poulain <benjamin at webkit.org> wrote:
> On Mon, Sep 17, 2012 at 4:11 PM, James Hawkins <jhawkins at chromium.org>
> wrote:
>>
>> A few details:
>> * Google will front the cost of the license (non-zero...very far from
>> zero) and the infrastructure.
>> * I'd leave it up to the WebKit leadership to decide who has access (most
>> likely limited to WebKit committers for security purposes).
>>
>> The biggest rationale is to provide a strong defect signal for the entire
>> WebKit community, which would directly impact the success of all
>> WebKit-based projects.  Coverity has provided free licenses for unsponsored
>> (by larger corporations anyway) open-source projects; this has resulted in
>> significant improvements [2] to the code bases of these projects, one of
>> which I was directly involved with years ago (Wine).
>
>
> I am a little skeptical of Coverity because of bad patches that originated
> for its report (sometimes even discussed on webkit-dev). I think we should
> keep in mind the tool also make many mistakes and we should not blindly
> follows it.
>
> Could this be integrated with the EWS like a kind of advanced "style check"?

I think this is a great idea, and would be trivial if coverity could
be convinced to run on a diff file, or if we could wrap it in a script
to only report errors on the changed lines.  Either sounds very
doable.  The EWS infrastructure is already in place once such a script
exists.

> Reporting possible improvements before patches lands would be more useful
> than a separate bot.
>
> Benjamin
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo/webkit-dev
>


More information about the webkit-dev mailing list