Coverity Uncovers More Problems In Mesa
Posted by Michael Larabel on December 01, 2012
A handful of memory-related issues were plugged up yesterday in Mesa thanks to the Coverity static code analysis tools.
A Radeon memory leak, use-after-free, uninitialized variable usage, and other problems were fixed up yesterday in the mainline Mesa cpde=base. These issues were spotted during an internal Coverity scan of the Mesa code-base at Red Hat. None of these newly discovered flaws though are critical in nature.
Coverity scans in the past have found dozens of problems in Mesa and hundreds of other free software projects.
For those unfamiliar with Coverity, their commercial static code analysis tool generally does a very good job at detecting bugs within C/C#/C++ and Java code-bases. While it's commercial closed-source software, they do scan open-source projects and have found thousands of bugs over the years. Coverity's Quality Advisor product is able to spot all sorts of errors from incorrect API usage, memory problems, null pointer dereferences, performance inefficiences, resource leaks, deadlocks, best practice coding errors, and code maintainability issues.
For those that may be looking for open-source alternatives to some of the features offered by the Coverity tools, one of the closest (and most hopeful) competitors would be LLVM's Clang compiler with its built-in static analyzer. Other useful static analysis tools that are open-source include cppcheck, Stanford's Saturn, and Calysto, among many others.
A Radeon memory leak, use-after-free, uninitialized variable usage, and other problems were fixed up yesterday in the mainline Mesa cpde=base. These issues were spotted during an internal Coverity scan of the Mesa code-base at Red Hat. None of these newly discovered flaws though are critical in nature.
Coverity scans in the past have found dozens of problems in Mesa and hundreds of other free software projects.
For those unfamiliar with Coverity, their commercial static code analysis tool generally does a very good job at detecting bugs within C/C#/C++ and Java code-bases. While it's commercial closed-source software, they do scan open-source projects and have found thousands of bugs over the years. Coverity's Quality Advisor product is able to spot all sorts of errors from incorrect API usage, memory problems, null pointer dereferences, performance inefficiences, resource leaks, deadlocks, best practice coding errors, and code maintainability issues.
For those that may be looking for open-source alternatives to some of the features offered by the Coverity tools, one of the closest (and most hopeful) competitors would be LLVM's Clang compiler with its built-in static analyzer. Other useful static analysis tools that are open-source include cppcheck, Stanford's Saturn, and Calysto, among many others.
Discuss this article in our forums, IRC channel, or email the author. You can also follow our content via RSS and on social networks like Facebook, Identi.ca, and Twitter (@Phoronix and @MichaelLarabel). Subscribe to Phoronix Premium to view our content without advertisements, view entire articles on a single page, and experience other benefits.
Copyright © 2004 - 2013 by Phoronix Media.
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).
All trademarks used are properties of their respective owners. All rights reserved. Legal Disclaimer & Disclosure.
Powered by the Phoronix Content Management System (PHXCMS-7.4).