Euphoria Ticket #85: Coverty Scan -- source-code analysis

Coverty Scan seems to be an outfit that does "static scan" analysis of source-code and reports on faults and security issues. They are supported by the U.S. Department of Homeland Security.

Languages that have been processed include: gcc, Perl, Python, PHP, Ruby, and TCL. Ruby has made it to "Rung 3", their top level rating.

The website is

A pdf of their report on open-source software can be downloaded from this site.

This could be a good time for Euphoria to be added to their scan project. Someone would have to email them to find out the details of what they do.


Type: Feature Request Severity: Minor Category: Interpreter
Assigned To: unknown Status: New Reported Release: 4.0
Fixed in SVN #: View VCS: none Milestone:

1. Comment by mattlewis Oct 12, 2009

I believe this is meant to be Coverity:

2. Comment by jeremy Oct 25, 2010

We should probably start by fixing all compiler warnings and running other fault checking software on our C code.

3. Comment by mattlewis Oct 25, 2010

I think we've got most issues taken care of. At least we did, a little while ago. Some may have crept in. The one place we expressly didn't was in translated code. There are lots and lots of unused warnings, especially for the auto _0, _1, _2 variables in each routine. It doesn't seem worth it to clean up those issues.

4. Comment by jeremy Oct 25, 2010

Can we detect they are unused and not omit them?

5. Comment by mattlewis Oct 25, 2010

For regular, user defined variables, probably not difficult. For the _0, _1, _2 variables, we'd have to figure out when they were actually emitted into C code. The effort to do that didn't seem to be worth it, though if someone can come up with a reasonable way to do it that doesn't slow the translator down too much, I say, "Have at it."

We've eliminated things like unused goto labels and lots of other warnings.


Quick Links

User menu

Not signed in.

Misc Menu