From: Petter Reinholdtsen Date: Sat, 2 May 2009 12:52:56 +0000 (+0000) Subject: Ny entry. X-Git-Url: http://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/65d1d96bfa5244e8c335320961d933f48d495049 Ny entry. --- diff --git a/blog/data/2009-05-02-coverity.txt b/blog/data/2009-05-02-coverity.txt new file mode 100644 index 0000000000..54072d69c7 --- /dev/null +++ b/blog/data/2009-05-02-coverity.txt @@ -0,0 +1,39 @@ +Title: Two projects that have improved the quality of free software a lot +Tags: english, debian +Date: 2009-05-02 15:00 + +

There are two software projects that have had huge influence on the +quality of free software, and I wanted to mention both in case someone +do not yet know them.

+ +

The first one is valgrind, a +tool to detect and expose errors in the memory handling of programs. +It is easy to use, all one need to do is to run 'valgrind program', +and it will report any problems on stdout. It is even better if the +program include debug information. With debug information, it is able +to report the source file name and line number where the problem +occurs. It can report things like 'reading past memory block in file +X line N, the memory block was allocated in file Y, line M', and +'using uninitialised value in control logic'. This tool has made it +trivial to investigate reproducible crash bugs in programs, and have +reduced the number of this kind of bugs in free software a lot. + +

The second one is +Coverity which is +a source code checker. It is able to process the source of a program +and find problems in the logic. It started out as the Stanford +Checker and became well known when it was used to find bugs in the +Linux kernel. It is now a commercial tool and the company behind it +is running a community +service for the free software community, where a lot of free +software projects get their source checked for free. Several thousand +defects have been found and fixed so far. It can find errors like +'lock L taken in file X line N is never released if exiting in line +M', or 'the code in file Y lines O-P can never be executed'. The +projects included in the community service project have managed to get +rid of a lot of reliability problems thanks to Coverity.

+ +

I believe tools like this, that are able to automatically find +errors in the source, are vital to improve the quality of software and +make sure we can get rid of the crashing and failing software we are +surrounded by today.