public inbox for cygwin@cygwin.com
From: David Stacey <drstacey@tiscali.co.uk>
To: cygwin@cygwin.com
Subject: Re: Coverity Scan
Date: Fri, 16 May 2014 20:03:00 -0000
Message-ID: <53766E46.4070207@tiscali.co.uk>
In-Reply-To: <20140425155324.GA2412@ednor.casa.cgf.cx>

On 25/04/14 16:53, Christopher Faylor wrote:
> On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>> On Apr 25 06:33, David Stacey wrote:
>>>   Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>>>   they offer it to Open Source programmes for free. I was having a browse
>>>   through the list of Open Source programmes using Coverity Scan, and
>>>   noticed that Cygwin wasn't listed. Would there be any interest in
>>>   analysing the cygwin1.dll source code on a fairly regular basis? If so,
>>>   I would be happy to have a go at setting up an analysis job for Cygwin.
>>>   
>>>   I would imagine this would be of interest to CGF, Corinna and anyone
>>>   else who regularly updates the Cygwin source code. Obviously, this is
>>>   only worth doing if the analysis results are looked at and acted upon.
>> Depends.  If the report contains lots of false positives, it's getting
>> annoying pretty quickly.
> We use Coverity at work.  It is annoying and it does have false positives
> but a lot of what look like false positives often turn out to be:  "Oh,
> wait.  (#*(&$  Yeah.  That's a problem."
>
> If we could use Coverity I'm sure it would be interesting if we can get
> it.

OK - we're in! You can find our project page at 
https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails 
to Corinna and CGF inviting them to join the project ;-)

It would be responsible of us to restrict access to known 
vulnerabilities, so please _don't_ ask for visibility of the scan 
results. I will leave it to CGF and Corinna to decide who we give access 
to and when.

There is still a little work to do in setting up the Coverity scan. The 
next step is to group the code into logical clusters, which Coverity 
calls Components. Typically, this is done on directories or other file 
groupings, and the tool allows you to concentrate on just one of these 
components at once. If you let me know what components you'd like, I'll 
set them up.

The Coverity build is being performed on one of my PCs at the moment. 
I'll try to do this at least weekly using a snapshot from the snapshots 
page. I'll also try to submit patches as and when time allows. But if 
this is going to work then anyone who regularly contributes to the 
Cygwin source code will have to make use of the tool.

Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to 
join the Scan programme.

Cheers,

Dave.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Thread overview: 14+ messages
2014-04-25  5:33 David Stacey
2014-04-25  8:35 ` Corinna Vinschen
2014-04-25 12:20   ` David Stacey
2014-04-25 13:33     ` Corinna Vinschen
2014-04-25 15:53   ` Christopher Faylor
2014-04-25 19:09     ` David Arnstein
2014-05-16 20:03     ` David Stacey [this message]
2014-05-16 20:35       ` Jeffrey Altman
2014-05-17 16:13         ` Corinna Vinschen
2014-05-17 10:13       ` Corinna Vinschen
2014-05-17 23:13         ` David Stacey
2014-05-19  8:36           ` Corinna Vinschen
     [not found] <CAO1jNwuZhQoyccTTGJWcdUJHHQjHeYc5GZEyG-Hci5kfLaMcTA@mail.gmail.com>
2014-04-25  9:10 ` Fwd: " Jan Nijtmans
2014-04-25 12:17   ` Corinna Vinschen
2014-04-25 15:55     ` Christopher Faylor
