[webkit-dev] Pre-proposal: Adding a Coverity instance for WebKIt
thakis at chromium.org
Mon Sep 17 18:21:47 PDT 2012
On Tue, Sep 18, 2012 at 8:11 AM, James Hawkins <jhawkins at chromium.org> wrote:
> Hey folks,
> TL;DR - If you have opinions one way or another about having a Coverity
> instance available for WebKit developers, please respond to this message.
I don't have an opinion, but:
> Coverity is a static analysis tool  which scans source code and reports
> defects in the code. We've been using Coverity to find defects in Chrome
> for a while now, and though there is sometimes a bit of subjectivity
> involved in the defect types (e.g. whether a return value should be
> checked), the signal is generally high.
> Off the top of my head, the following are the defects I spend most of my
> time fixing:
> * Uninitialized variables (including member variables).
> - Chrome has had at least 4 crash fixes in the past few months due to this
> defect (which were caught by Coverity).
This sounds very useful. Do you know how this is done? If you have a
class whose constructor calls a clear() function which sets all
variables, will it warn about the constructor not initializing all
members? If so, how do you suppress the warning in this case?
(There was a thread on the clang mailing list on having a warning like
this, and we couldn't come up with a good way to handle this case.)
> * Passing large parameters by value.
> - Generally a trivial fix. I don't have performance data to say what
> affect fixing these hash, but 'death by a thousand cuts' eh?
I have seen at least three crashes in the last few months that were
cause by changes to fix this warning (something that used to be a
copied object became a dangling reference). I'm not sure this warning
is worth it.
> * Forward/Reverse/I - Nulls.
> - Coverity is very good at understanding when a value is NULL and the tool
> will tell you which code paths are using a NULL value.
> * Tons of security issue-causing defects.
> I'd like to propose adding a Coverity instance for the WebKit community, but
> I want to make sure there's general support before writing up the detailed
> A few details:
> * Google will front the cost of the license (non-zero...very far from zero)
> and the infrastructure.
> * I'd leave it up to the WebKit leadership to decide who has access (most
> likely limited to WebKit committers for security purposes).
> The biggest rationale is to provide a strong defect signal for the entire
> WebKit community, which would directly impact the success of all
> WebKit-based projects. Coverity has provided free licenses for unsponsored
> (by larger corporations anyway) open-source projects; this has resulted in
> significant improvements  to the code bases of these projects, one of
> which I was directly involved with years ago (Wine).
> Let me know if you love the idea or hate it.
>  http://www.coverity.com/products/static-analysis.html
> - registration required now :(
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
More information about the webkit-dev