One good way to start contributing to open source — Static Analysers!

Sheetal pamecha
Jul 17 · 3 min read

Everyone keeps talking about contributing to open source. Once you begin looking for suitable projects on Github, you can browse through issues or open an issue, solve it, send a patch and repeat. But it is always challenging to start with your first code commit.

For starters, the tendency is to find an issue that is beginner-friendly and that won’t require in-depth knowledge of the complete project. So the question is how to find such issues?

When I started Contributing to Gluster, I was introduced with static analyzer tools which can provide good issues to start contributing in any project.

Projects use a variety of tools to detect issues in the codebase. I will talk in reference with Gluster — a scalable distributed software-defined storage and what tools they use. I will also add links to some other projects at the end that you can contribute to.

For an enterprise-level project, it is very important to maintain a stable product. And stability comes from the quality of the product and code.

Gluster uses tools like CLang and Coverity to detect issues and to make the project more stable.

What are these tools?

  • Clang is a C and C++ compiler for the Low-Level Virtual Machine (LLVM). It is a bit more advanced with helpful error messages and diagnostics.
  • Coverity Scan is used for static code analysis of Open Source projects and can analyze C, C++, C#, Objective-C, Java, Javascript, node.JS, Ruby, PHP, & Python.

How to Contribute?

For the Gluster project, Clang is triggered as a nightly job on Jenkins and generates the report daily. You can find the latest results here.

To access the results of Coverity-scan, create an account on Coverity, go to Projects and request access to the gluster/glusterfs project.

The major goal of static analysis is to determine the runtime properties of programs without executing them. It runs through the code covering all possible control flow and data flow paths, following all branches and function calls to check the workflow and detects issues like — memory leak, Unused variable, Null Pointer dereference, Buffer overflows, Control flow issues, Deadlocks, Resource leaks, Illegal memory access, Program hangs, Race conditions, use after free, unchecked return value, uninitialized variables, and many more.

You can leverage these reports to get your FirstBugs. The report generated by these tools is very easy to understand with markings where and why this error is happening. It will also help you in understanding the code, how the control flow passes through function and will be easier working with it in the future.

If you get stuck or have any questions, you can send it to the gluster-devel mailing list.

Other Open Source Projects that use Static analysis tools are Linux, Ceph, Python, Chromium, Debian.

Let’s start open sourcing. Happy Open Sourcing :)

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade