On Fri, 2012-02-10 at 10:54 +1100, Mark Goodwin wrote:
> resend: message was too big, so I've uploaded the attachments to:
> http://people.redhat.com/mgoodwin/pcp-cov/pcp-3.5.11-1.fc15.err
> http://people.redhat.com/mgoodwin/pcp-cov/pcp-3.5.12-1.fc15.err
> Note: the 3.5.12-1 scan was done on Feb 2nd.
>
> -------- Original Message --------
> Subject: proposed on-going Coverity scan management
> Date: Fri, 03 Feb 2012 14:48:11 +1100
> From: Mark Goodwin <mgoodwin@xxxxxxxxxx>
> To: pcp <pcp@xxxxxxxxxxx>
>
>
> I've gained access to Coverity scanning internally at Red Hat. It's
> basically a simple matter of submitting an SRPM to a server, much like
> a build request (the scripts are similar to those used by the Fedora
> build system, "koji").
>
> The result is a Coverity "err" file. See attached examples for scanning
> the pcp-3.5.11-1 SRPM and current dev SRPM (after merging my, Ken's and
> Nathan's dev branches).
>
> Red Hat have developed a script called "csdiff", which knows how to
> compare two Coverity err files, and report the difference. So after the
> current round of Coverity fixes has completed, and we're all happy, we
> could run another scan and commit the result as our baseline. On subsequent
> releases, we just run a scan against the new SRPM and csdiff against the
> baseline to check for any new issues. Fix those, rescan and commit a new
> baseline if it's different.
>
> We're currently down to 243 issues, compared to 377 when we began.
> Obviously many of the original issues have been intentionally ignored,
> and some are yet to be investigated:
>
> # grep -c '^Error' pcp-3.5.11-1.fc15.err pcp-3.5.12-1.fc15.err
> pcp-3.5.11-1.fc15.err:377
> pcp-3.5.12-1.fc15.err:243
>
> Sound OK?
Yep sounds like a plan to me.
And thanks to Red Hat for making the tool and results available.