resend: message was too big, so I've uploaded the attachments to:
http://people.redhat.com/mgoodwin/pcp-cov/pcp-3.5.11-1.fc15.err
http://people.redhat.com/mgoodwin/pcp-cov/pcp-3.5.12-1.fc15.err
Note: the 3.5.12-1 scan was done on Feb 2nd.
-------- Original Message --------
Subject: proposed on-going Coverity scan management
Date: Fri, 03 Feb 2012 14:48:11 +1100
From: Mark Goodwin <mgoodwin@xxxxxxxxxx>
To: pcp <pcp@xxxxxxxxxxx>
I've gained access to Coverity scanning internally at Red Hat. It's
basically a simple matter of submitting an SRPM to a server, much like
a build request (the scripts are similar to those used by the Fedora
build system, "koji").
The result is a coverity "err" file. See attached examples for scanning
the pcp-3.5.11-1 SRPM and current dev SRPM (after merging my, Ken's and
Nathan's dev branches).
Red Hat have developed a script called "csdiff", which knows how to
compare two Coverity err files, and report the difference. So after the
current round of Coverity fixes has completed, and we're all happy, we
could run another scan and commit the result as our baseline. On subsequent
releases, we just run a scan against the new SRPM and csdiff against the
baseline to check for any new issues. Fix those, rescan and commit a new
baseline if it's different.
We're currently down to 243 issues, compared to 377 when we began.
Obviously many of the original issues have been intentionally ignored,
and some are yet to be investigated :
# grep -c '^Error' pcp-3.5.11-1.fc15.err pcp-3.5.12-1.fc15.err
pcp-3.5.11-1.fc15.err:377
pcp-3.5.12-1.fc15.err:243
Sound OK?
-- Mark
|