Last year, a discussion in one of the POV-Ray newsgroups about static software analysis and the Coverity Project generated enough interest that I volunteered to follow up with a little investigation. At that time their project was in a bit of flux while they streamlined the submission process. I was advised to wait. Well, one year later, our project has been accepted, and since release candidate 6 the Unix/Linux version of the POV-Ray source code has been submitted for analysis.
Several members of the team reviewed the initial scan results and decided to begin with a triage of the High Impact issues. As of this writing, that has been completed.
Here’s where the immediate results come in … interestingly enough, shortly after release candidate 6, a bug was uncovered. On an outside hunch, I brought into the discussion the recollection of a Coverity issue I had seen during one of my triage sessions. Turns out it was relevant, and a fix was submitted.
Several other Coverity issues have been resolved, and their fixes have made their way into release candidate 7.
A new scan was submitted to pick up our progress.
The Final Push
A few weeks had passed when discussion started turning towards setting a date for the version 3.7.0 release. We’ve managed to get more than several additional High Impact issue fixes included in the upcoming release. Thanks to the POV team for finally agreeing that there was indeed value to be added to the product in doing so. The remainder of the High Impact issues have been tabled for future releases … pending further investigation.
I’m pretty excited about the results, and have no doubt that Coverity is adding value to our project. I intend to continue as the champion for this cause, and look forward to the work that’s still ahead.