[coreboot] How to deal with Coverity reports? (was: Missing Coverity reports)

Julius Werner jwerner at chromium.org
Tue Mar 15 00:05:42 CET 2016


>> It would be nice to build a task force for fixing the issues found by
>> Coverity. Any takers?
>
> What is the best plan? In my opinion, the author of the possibly
> “suboptimal” code should be responsible for fixing it.

Is our general goal just to triage or to actually fix (as in: change
code so that they disappear) all Coverity errors? I think it's a great
tool that occasionally really finds that one odd bug, but most of the
issues I've looked at so far seem to be false positives of some sort
or another (either because for some error types it really just
guesses, or because of aggressive overinterpretation of the C
standard). Some of those may be easy to fix, but others may not, and I
don't think we should sacrifice speed or readability to make a tool
happy. It would be ideal if we could just mark a certain issue that it
found as "resolved" somehow (it already seems to report everything
only once, but something more explicit with maybe a comment field
would be nice).


