[coreboot] How to deal with Coverity reports?

Stefan Reinauer stefan.reinauer at coreboot.org
Tue Mar 15 03:19:30 CET 2016


On 03/14/2016 04:05 PM, Julius Werner wrote:
> Is our general goal just to triage or to actually fix (as in: change
> code so that they disappear) all Coverity errors? I think it's a great
> tool that occasionally really finds that one odd bug, but most of the
> issues I've looked at so far seem to be false positives of some sort
> or another (either because for some error types it really just
> guesses, or because of aggressive overinterpretation of the C
> standard). Some of those may be easy to fix, but others may not, and I
> don't think we should sacrifice speed or readability to make a tool
> happy. It would be ideal if we could just mark a certain issue that it
> found as "resolved" somehow (it already seems to report everything
> only once, but something more explicit with maybe a comment field
> would be nice).

Most issues have not even been triaged yet. I agree that a fair number
of issues are not critical, and are flagged because Coverity was not
designed for low-level software. These issues can be classified as False
Positive or Intentional, which will make them go away.

Stefan




