
Automated defect detection within open source software

 
toralf



Joined: 31 Jan 2005
Posts: 3841
Location: Bremen, Germany

Posted: Tue Apr 04, 2006 7:10 am    Post subject: Automated defect detection within open source software

Department of Homeland Security is sponsoring a project that detects defects in open source software written in C/C++.
It has scanned more than 15 million lines of code of very popular codes so far.
http://scan.coverity.com

You can submit your own code for a free trial (see link on above mentioned page) and will get a list of 30 defects back within hours.

@Chris: I do not know how you feel about it, but maybe it would be of interest to send AHK for a check?
_________________
Ciao
toralf
BoBo
Guest





Posted: Tue Apr 04, 2006 9:19 am

Whooopee, that way we might get a new AHK command - proudly added by the DoHS: SpyYourNeighbour Cool <-- hell, isn't that icon wearing already one of their standard FBI agent sunglasses Wink
toralf



Joined: 31 Jan 2005
Posts: 3841
Location: Bremen, Germany

Posted: Tue Apr 04, 2006 10:36 am

I don't think there is anything bad in the service they offer.
1) The code is public anyway, so if anyone wants to take a look, it's there.
2) They do not change anything, they just give you a report on defects that might result in a crash. The code has to be fixed by the owner himself.
3) DoHS is sponsoring the project, yes, but I can hardly imagine what benefit they have if someone sends them their code, since they could get the code from the web anyway. So their only interest I can imagine is to secure the software they would like to use to cut costs. And making their "homeland software infrastructure" more secure against attacks.
_________________
Ciao
toralf
Micha



Joined: 15 Nov 2005
Posts: 440
Location: Germany

Posted: Tue Apr 04, 2006 11:36 am

Another good software is LINT. It's not free, it's only a command-line-tool, but helped me a lot of times.
Ciao
Micha
PhiLho



Joined: 27 Dec 2005
Posts: 6721
Location: France (near Paris)

Posted: Tue Apr 04, 2006 12:23 pm

The lint I know is a Unix command, so it is available in all Unices.
I suppose you are referring to a commercial version of this tool.
There are free versions too. Well, I just searched lint on SF.net, but they seem to be in very early stages... There is a more comprehensive list (mostly for Unix though) and another one.

Note that setting warnings at highest level is already a good practice.

Of course, there is also the commercial BoundsChecker and Purify as well as VSTS and PC-lint
_________________
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")
Micha



Joined: 15 Nov 2005
Posts: 440
Location: Germany

Posted: Tue Apr 04, 2006 12:41 pm

Hi,
yes I meant PC-Lint from gimpel, but I can't remember the company-name Smile

Ciao
Micha
Chris
Site Admin


Joined: 02 Mar 2004
Posts: 10480

Posted: Tue Apr 04, 2006 1:47 pm    Post subject: Re: Automated defect detection within open source software

toralf wrote:
You can submit your own code for a free trial (see link on above mentioned page) and will get a list of 30 defects back within hours.
I applied for a free trial. I was a little wary of giving them my e-mail address since I didn't see a prominent mention of their privacy policy (for example, a lot of sites nowadays state right on the e-mail field that "we will not sell or share your e-mail address". But this site doesn't -- in fact it invites you to check boxes to receive additional/commercial mailings).

This is what I got back so far:
Quote:
Thank you registering for a free trial. Someone from Coverity will be contacting you shortly.
In the meantime, please download Coverity’s documents to learn more about our products, services and customers.

When they contact me, I'll send them the code (there doesn't appear to be any way to do it until then).

Thanks for the info.
Laughing Man



Joined: 28 Apr 2005
Posts: 84
Location: Maryland

Posted: Tue Apr 04, 2006 9:52 pm

toralf wrote:
3) DoHS is sponsoring the project, yes, but I can hardly imagine what benefit they have if someone sends them their code, since they could get the code from the web anyway. So their only interest I can imagine is to secure the software they would like to use to cut costs. And making their "homeland software infrastructure" more secure against attacks.


pfft, you have to remember people are lazy. With this fools send in their code and now DoHS doesn't have to scour the web for it. Laughing
_________________
"I thought what I'd do was I'd pretend I was one of those deaf-mutes" ~ Laughing Man - GITS:SAC