[sldev] Static code analysis

Soft soft at lindenlab.com
Sun Jan 11 20:13:44 PST 2009


On Sun, Jan 11, 2009 at 7:57 PM, Jason Giglio <gigstaggart at gmail.com> wrote:
> Sheet Spotter wrote:
>> I stumbled into a code analysis tool from Coverity that claims to
>> identify source code flaws through an elaborate static code analysis
>> with a lower "false positive" rate than similar tools. Coverity seems to
>> offer their tool (or their services?) free of charge to open source
>> projects.
>
> I went through this a couple years ago.
>
> The conclusion of the thread was that Linden Lab already licensed
> Coverity internally, and they weren't going to release the results of
> the report to us.  There were some vague excuses about security or
> something, and that the open source community can't really help fix
> those kinds of bugs anyway.

The problem is that the Coverity report is generated against the full
build, including server components and things where we don't have a
license to redistribute code. If we renew our Coverity license (that's
up in the air - I'd heard that it's hugely expensive), the plan is to
get a separate analysis running against the very same code that's
exported, and to export that routinely.


More information about the SLDev mailing list