Mail Archives: cygwin/2014/05/17/17:00:07

Message-ID: <5377CD8E.1090501@tiscali.co.uk>
Date: Sat, 17 May 2014 21:58:54 +0100
From: David Stacey <drstacey AT tiscali DOT co DOT uk>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Coverity Scan
References: <5359F391 DOT 8060309 AT tiscali DOT co DOT uk> <20140425083500 DOT GA5666 AT calimero DOT vinschen DOT de> <20140425155324 DOT GA2412 AT ednor DOT casa DOT cgf DOT cx> <53766E46 DOT 4070207 AT tiscali DOT co DOT uk> <20140517101240 DOT GO430 AT calimero DOT vinschen DOT de>
In-Reply-To: <20140517101240.GO430@calimero.vinschen.de>
X-IsSubscribed: yes

On 17/05/14 11:12, Corinna Vinschen wrote:
> On May 16 21:00, David Stacey wrote:
>> OK - we're in! You can find our project page at 
>> https://scan.coverity.com/projects/2250. Off the list, I've sent 
>> e-mails to Corinna and CGF inviting them to join the project ;-) 
> I got no such mail.  You didn't try the account I'm using for the
> mailing list, I hope?  Please use my company address vinschen AT
> redhat DOT com.

Apologies - another invitation sent to the correct e-mail address. 
Further apologies if I should have known your correct e-mail address 
already!

> I have no idea how this works. I had hoped I'd just get emails with 
> the scan results, the less fancy the solution, the better. We can set 
> this up using gpg encrypted mails, that would be the most elegant 
> solution, IMHO. 

I could probably get Coverity Scan to ping you an e-mail if a new defect 
is introduced. It's probably best if you look at the web page above. 
Once you accept the invitation and log in, you'll see a button to view 
the defects. For each defect, you'll see the defect itself, along with 
the path that the analysis engine took to get there.

For example, consider the case of reading an uninitialised variable. The 
trace would start at the point the variable is declared. You would see 
the path taken through the code (e.g. taking the 'true' path of an 'if' 
statement, or not executing a 'while' loop because the condition was 
never satisfied) until you arrive at a line where the variable is read 
without ever having been initialised. This is more useful than simply 
complaining about reading an uninitialised variable: often these can be 
logic errors, i.e. the coder didn't consider a certain scenario, or 
thought that all paths through the code would initialise the variable at 
some point. As Coverity shows you the path through the code (even 
between functions), you see the hole in the logic.

>> There is still a little work to do in setting up the Coverity scan. The next
>> step is to group the code into logical clusters, which Coverity calls
>> Components. Typically, this is done on directories or other file groupings,
>> and the tool allows you to concentrate on just one of these components at
>> once. If you let me know what components you'd like, I'll set them up.
> Well, the problem is that we're going to switch to git pretty soon, and
> that will slightly change the directory layout.  But basically, in the
> winsup dir, you see the subdirs
>
>    cygserver
>    cygwin
>    doc
>    lsaauth
>    testsuite
>    utils
>
> Of those you can ignore
>
>    doc
>    testsuite
>
> The other four would be natural groups, I think.  The toplevel and
> winsup dirs don't need to be scanned either.

I've set up components for cygserver, cygwin, utils and newlib. There 
were no defects found in 'lsaauth' (which needs investigation in itself 
- I'll look at this). If our directory structure is going to change when 
we move to git then that is OK - I'll remap the components at the point 
we move. However, be aware that reorganising things can confuse Coverity 
- if you sign off any warnings as 'won't fix' then they may reappear if 
the offending code is moved into a different class or file.

> You are aware that we need a copyright assignment from you if you'd 
> like to provide patches, right? Please have a look at the "Before you 
> get started" section of http://cygwin.com/contrib.html

I'll limit my patches to the trivial kind that are ten lines or less. My 
present employer is amazingly supportive of the open source work that I 
do in my own time, and that boat doesn't need rocking.

> In theory, at the time of writing this, I'd suggest to include only cgf,
> yaakov, and me.

I've sent an invitation to Yaakov also.

Cheers,

Dave.


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
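
The trace described in the message for an uninitialised read, including the step between functions, can be pictured with a small C case. This is an added example, not code from Cygwin or from the post; `value_length`, `total_unchecked`, `total_checked` and the sample entries are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: the second BAD entry has no '='. */
static const char *const GOOD[] = { "PATH=/bin", "HOME=/h" };
static const char *const BAD[]  = { "PATH=/bin", "TERM" };

/* Hypothetical helper: stores the value length of "key=value" in *len.
 * Returns 0 on success; on a malformed entry returns -1 and leaves *len alone. */
static int value_length(const char *entry, size_t *len)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return -1;              /* this branch never writes *len */
    *len = strlen(eq + 1);
    return 0;
}

/* Before: the caller assumes every path through value_length() sets len. */
size_t total_unchecked(const char *const *entries, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len;                      /* 1. declared without a value */
        value_length(entries[i], &len);  /* 2. callee may take the eq == NULL branch */
        total += len;                    /* 3. len is then read uninitialised */
    }
    return total;
}

/* After: initialise len and act on the helper's return value. */
long total_checked(const char *const *entries, size_t n)
{
    long total = 0;
    for (size_t i = 0; i < n; i++) {
        size_t len = 0;
        if (value_length(entries[i], &len) != 0)
            return -1;                   /* malformed entry: stop, do not sum */
        total += (long)len;
    }
    return total;
}

int main(void)
{
    printf("good=%ld bad=%ld\n", total_checked(GOOD, 2), total_checked(BAD, 2));
    return 0;
}
```

The numbered comments in `total_unchecked` follow the order of the trace: declaration, the branch taken in the callee, then the read. `total_unchecked` is only well defined for input like `GOOD`, which is why `main` never passes it `BAD`.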
