Re: Coverity Scan

[Corinna Vinschen <corinna-cygwin@cygwin.com>]

[-- Attachment #1: Type: text/plain, Size: 3440 bytes --]

On May 17 21:58, David Stacey wrote:
> On 17/05/14 11:12, Corinna Vinschen wrote:
> >On May 16 21:00, David Stacey wrote:
> >>OK - we're in! You can find our project page at
> >>https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails
> >>to Corinna and CGF inviting them to join the project ;-)
> >I got no such mail.  You didn't try the account I'm using for the
> >mailing list, I hope?  Please use my company address vinschen AT
> >redhat DOT com.
> 
> Apologies - another invitation sent to the correct e-mail address. Further
> apologies if I should have known your correct e-mail address already!
> 
> >I have no idea how this works. I had hoped I'd just get emails with the
> >scan results, the less fancy the solution, the better. We can set this up
> >using gpg encrypted mails, that would be the most elegant solution, IMHO.
> 
> I could probably get Coverity Scan to ping you an e-mail if a new defect is
> introduced. It's probably best if you look at the web page above. Once you
> accept the invitation and log in, you'll see a button to view the defects.
> For each defect, you'll see the defect itself, along with the path that the
> analysis engine took to get there.
> [...]
> >Well, the problem is that we're going to switch to git pretty soon, and
> >that will slightly change the directory layout.  But basically, in the
> >winsup dir, you see the subdirs
> >
> >   cygserver
> >   cygwin
> >   doc
> >   lsaauth
> >   testsuite
> >   utils
> >
> >Of those you can ignore
> >
> >   doc
> >   testsuite
> >
> >The other four would be natural groups, I think.  The toplevel and
> >winsup dirs don't need to be scanned either.
> 
> I've set up components for cygserver, cygwin, utils and newlib. There were
> no defects found in 'lsaauth' (which needs investigation in itself - I'll
> look at this).

A single source file.  Not much code.  There is at least *some*
non-0 probability that the code might be correct... I hope.

> If our directory structure is going to change when we move to
> git then that is OK - I'll remap the components at the point we move.
> However, be aware that reorganising things can confuse Coverity - if you
> sign off any warnings as 'won't fix' then they may reappear if the offending
> code is moved into a different class or file.

That's to be expected.

> >You are aware that we need a copyright assignment from you if you'd like
> >to provide patches, right? Please have a look at the "Before you get
> >started" section of http://cygwin.com/contrib.html
> 
> I'll limit my patches to the trivial kind that are ten lines or less. My
> present employer is amazingly supportive of the open source work that I do
> in my own time, and that boat doesn't need rocking.

Nevertheless, I'd be glad if you try.  This project is in desperate need
of developers getting their hands dirty.

> >In theory, at the time of writing this, I'd suggest to include only cgf,
> >yaakov, and me.
> 
> I've sent an invitation to Yaakov also.

Thanks!  For the time being I already marked a single reported problem
as false positive.  I look into more at some later point.  I'll first
try to get a 1.7.29-3 with a few bugfixes out of the door.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]