8. Safe code is not a coincidence
Doesn’t happen randomly, you need to work on it!
You need to care about it!
It is about time we all address this topic!
Everything I’ll tell you today, you already know!
9. Writing
Help users use your app or API
Defaults!
Document. Everything and a lot.
Get rid of warnings
Use comments
assert()
Release code as open source
10. Review
All code shall get reviewed
Code shall be easy to read and understand
Use the same code style everywhere
Commit message template and quality
Make sure style and templates are followed!
13. All that, all the time
For every commit
For every PR
All. The. Time
14. The curl project
>50 builds + test “rounds” per commit
Tests code style, indenting, etc.
Thousands of tests per build
Builds and tests on tens of platforms
20-25 hours of CI per commit
15. The curl project’s choice of tools
Valgrind
Clang address, undefined and signed-integer-overflow sanitizers
clang-tidy
“torture tests”
scan-build
LGTM
Codacy
Coverity
OSS-Fuzz
Travis CI
Appveyor
Cirrus CI
Buildbots
16. The curl project’s policy
Fix all warnings (eye roll)
No defects left
Use the strictest and most picky options
As many tests as possible
Fix security issues as soon as possible
25. License
This presentation and its contents are
licensed under the Creative Commons
Attribution 4.0 license:
http://creativecommons.org/licenses/by/4.0/