Dear coreboot folks,
does Coverity still check the coreboot code base or have there been changes? It’d be great to get it going again and to have the errors fixed in code that is currently committed.
Thanks,
paul
On 03/12/2016 01:51 PM, Paul Menzel wrote:
> Dear coreboot folks,
> does Coverity still check the coreboot code base or have there been changes? It’d be great to get it going again and to have the errors fixed in code that is currently committed.
> Thanks,
> paul
There are no automatic runs of coverity right now, but the plan is to continue having coverity check the code base. It would be nice to build a task force for fixing the issues found by coverity. Any takers?
Stefan
Hey Paul,
Thanks for bringing this up. We'd definitely like to fix the issues that are identified by coverity.
To start looking at issues, sign up for a coverity account: https://scan.coverity.com/users/sign_up
After you log in, search for the coreboot project and click the 'Add me to project' button. You should be able to see the project and issues as soon as this is done. I believe someone needs to approve your member request before you can update any of the issues.
We had a bad run last night, so it didn't analyze the full coreboot tree. We're limited to running the scan twice a week, so we'll try again tomorrow. I don't see a way to view the defects that were removed because of this, so we'll want to wait a day or two to start digging into issues.
We're looking at setting this up as an automated weekly test run.
Martin
On Sun, Mar 13, 2016 at 11:27 PM, Stefan Reinauer <stefan.reinauer@coreboot.org> wrote:
> On 03/12/2016 01:51 PM, Paul Menzel wrote:
> > Dear coreboot folks,
> > does Coverity still check the coreboot code base or have there been changes? It’d be great to get it going again and to have the errors fixed in code that is currently committed.
> > Thanks,
> > paul
> There are no automatic runs of coverity right now, but the plan is to continue having coverity check the code base. It would be nice to build a task force for fixing the issues found by coverity. Any takers?
> Stefan
Dear Stefan,
On Sunday, 13.03.2016, at 22:27 -0700, Stefan Reinauer wrote:
> On 03/12/2016 01:51 PM, Paul Menzel wrote:
> > does Coverity still check the coreboot code base or have there been changes? It’d be great to get it going again and to have the errors fixed in code that is currently committed.
> There are no automatic runs of coverity right now, but the plan is to continue having coverity check the code base.
That’s good to know. I think it’s very valuable.
> It would be nice to build a task force for fixing the issues found by coverity. Any takers?
What is the best plan? In my opinion, the author of the possibly “suboptimal” code should be responsible for fixing it.
The maintainer of the affected system should probably come next in line and contact the author, if they are not responding themselves.
Hopefully, that will deal with 90 % of the issues.
For the rest of the issues, a task force would indeed be nice. I would try to tackle some issues, if I have some spare minutes. A lot of those will be over my head though.
Thanks,
Paul
> > It would be nice to build a task force for fixing the issues found by coverity. Any takers?
> What is the best plan? In my opinion, the author of the possibly “suboptimal” code should be responsible for fixing it.
Is our general goal just to triage or to actually fix (as in: change code so that they disappear) all Coverity errors? I think it's a great tool that occasionally really finds that one odd bug, but most of the issues I've looked at so far seem to be false positives of some sort or another (either because for some error types it really just guesses, or because of aggressive overinterpretation of the C standard). Some of those may be easy to fix, but others may not, and I don't think we should sacrifice speed or readability to make a tool happy. It would be ideal if we could just mark a certain issue that it found as "resolved" somehow (it already seems to report everything only once, but something more explicit with maybe a comment field would be nice).