X-Recipient: | archive-cygwin AT delorie DOT com |
Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
List-Id: | <cygwin.cygwin.com> |
List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
List-Archive: | <http://sourceware.org/ml/cygwin/> |
List-Post: | <mailto:cygwin AT cygwin DOT com> |
List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
Sender: | cygwin-owner AT cygwin DOT com |
Mail-Followup-To: | cygwin AT cygwin DOT com |
Delivered-To: | mailing list cygwin AT cygwin DOT com |
Authentication-Results: | sourceware.org; auth=none |
X-Virus-Found: | No |
X-Spam-SWARE-Status: | No, score=1.6 required=5.0 tests=AWL,BAYES_50,FREEMAIL_FROM,KAM_COUK,SPF_PASS autolearn=no version=3.3.2 |
X-HELO: | out.ipsmtp4nec.opaltelecom.net |
X-SMTPAUTH: | drstacey AT tiscali DOT co DOT uk |
X-IronPort-Anti-Spam-Filtered: | true |
Message-ID: | <53766E46.4070207@tiscali.co.uk> |
Date: | Fri, 16 May 2014 21:00:06 +0100 |
From: | David Stacey <drstacey AT tiscali DOT co DOT uk> |
User-Agent: | Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 |
MIME-Version: | 1.0 |
To: | cygwin AT cygwin DOT com |
Subject: | Re: Coverity Scan |
References: | <5359F391 DOT 8060309 AT tiscali DOT co DOT uk> <20140425083500 DOT GA5666 AT calimero DOT vinschen DOT de> <20140425155324 DOT GA2412 AT ednor DOT casa DOT cgf DOT cx> |
In-Reply-To: | <20140425155324.GA2412@ednor.casa.cgf.cx> |
X-IsSubscribed: | yes |
On 25/04/14 16:53, Christopher Faylor wrote:
> On Fri, Apr 25, 2014 at 10:35:00AM +0200, Corinna Vinschen wrote:
>> On Apr 25 06:33, David Stacey wrote:
>>> Coverity Scan [1] is a commercial (paid for) static analysis tool, but
>>> they offer it to Open Source programmes for free. I was having a browse
>>> through the list of Open Source programmes using Coverity Scan, and
>>> noticed that Cygwin wasn't listed. Would there be any interest in
>>> analysing the cygwin1.dll source code on a fairly regular basis? If so,
>>> I would be happy to have a go at setting up an analysis job for Cygwin.
>>>
>>> I would imagine this would be of interest to CGF, Corinna and anyone
>>> else who regularly updates the Cygwin source code. Obviously, this is
>>> only worth doing if the analysis results are looked at and acted upon.
>> Depends. If the report contains lots of false positives, it's getting
>> annoying pretty quickly.
> We use coverity at work. It is annoying and it does have false positive
> but a lot of what look like false positives often turn out to be: "Oh,
> wait. (#*(&$ Yeah. That's a problem."
>
> If we could use coverity I'm sure it would be interesting if we can get
> it.

OK - we're in! You can find our project page at https://scan.coverity.com/projects/2250. Off the list, I've sent e-mails to Corinna and CGF inviting them to join the project ;-)

It would be responsible of us to restrict access to known vulnerabilities, so please _don't_ ask for visibility of the scan results. I will leave it to CGF and Corinna to decide who we give access to and when.

There is still a little work to do in setting up the Coverity scan. The next step is to group the code into logical clusters, which Coverity calls Components. Typically, this is done on directories or other file groupings, and the tool allows you to concentrate on just one of these components at once. If you let me know what components you'd like, I'll set them up.

The Coverity build is being performed on one of my PCs at the moment. I'll try to do this at least weekly using a snapshot from the snapshots page. I'll also try to submit patches as and when time allows. But if this is going to work then anyone who regularly contributes to the Cygwin source code will have to make use of the tool.

Finally, I'd like to thank Dakshesh Vyas at Coverity for allowing us to join the Scan programme.

Cheers,

Dave.

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple