[pcp] Fwd: proposed on-going Coverity scan management

Mark Goodwin mgoodwin at redhat.com
Thu Feb 9 17:00:56 CST 2012

resend .. this somehow ended up in the bitbucket

-------- Original Message --------
Subject: proposed on-going Coverity scan management
Date: Fri, 03 Feb 2012 14:48:11 +1100
From: Mark Goodwin <mgoodwin at redhat.com>
To: pcp <pcp at oss.sgi.com>

I've gained access to Coverity scanning internally at Red Hat. It's
basically a simple matter of submitting an SRPM to a server, much like
a build request (the scripts are similar to those used by the Fedora
build system, "koji").

The result is a Coverity "err" file. See attached examples for scanning
the pcp-3.5.11-1 SRPM and current dev SRPM (after merging my, Ken's and
Nathan's dev branches).

Red Hat have developed a script called "csdiff", which knows how to
compare two Coverity err files, and report the difference. So after the
current round of Coverity fixes has completed, and we're all happy, we
could run another scan and commit the result as our baseline. On subsequent
releases, we just run a scan against the new SRPM and csdiff against the
baseline to check for any new issues. Fix those, rescan and commit a new
baseline if it's different.

We're currently down to 243 issues, compared to 377 when we began.
Obviously many of the original issues have been intentionally ignored,
and some are yet to be investigated:

# grep -c '^Error' pcp-3.5.11-1.fc15.err pcp-3.5.12-1.fc15.err

Sound OK?

-- Mark

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pcp-3.5.11-1.fc15.err
URL: <http://oss.sgi.com/pipermail/pcp/attachments/20120210/447468b8/attachment-0002.bat>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pcp-3.5.12-1.fc15.err
URL: <http://oss.sgi.com/pipermail/pcp/attachments/20120210/447468b8/attachment-0003.bat>
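
The baseline comparison proposed in the message above, sketched as an added example (not code from the message and not Red Hat's csdiff). Only the `Error` line prefix comes from the message; the rest of the err-file layout (one block per defect, followed by `path:line: event: text` lines) is an assumption, and the sample scans and paths are constructed.

```python
import re
import sys
from collections import Counter

# Constructed sample scans; the block layout is an assumption, not the real attachments.
BASELINE = """\
Error: RESOURCE_LEAK:
src/example/config.c:120: alloc_fn: Storage is returned from "malloc".
src/example/config.c:131: leaked_storage: Variable "buf" goes out of scope.

Error: NULL_RETURNS:
src/example/parse.c:88: returned_null: "strchr" may return NULL.
src/example/parse.c:90: dereference: Dereferencing "p".
"""
NEW = """\
Error: RESOURCE_LEAK:
src/example/config.c:124: alloc_fn: Storage is returned from "malloc".
src/example/config.c:135: leaked_storage: Variable "buf" goes out of scope.

Error: USE_AFTER_FREE:
src/example/cache.c:40: freed_arg: "free" frees "entry".
src/example/cache.c:44: use_after_free: Using freed pointer "entry".
"""

LOC = re.compile(r"^(?P<path>[^:\s]+):\d+(?::\d+)?: ")

def parse_err(text):
    """Return a Counter of defect fingerprints, one per 'Error' block."""
    defects, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Error"):
            current = [line]
            defects.append(current)
        elif line and current is not None:
            # Drop line numbers so edits elsewhere in a file do not make an old defect look new.
            current.append(LOC.sub(r"\g<path>: ", line))
    return Counter(tuple(d) for d in defects)

def diff_scans(baseline_text, new_text):
    """Return (added, fixed) defects; Counter arithmetic keeps duplicate fingerprints."""
    base, new = parse_err(baseline_text), parse_err(new_text)
    return sorted((new - base).elements()), sorted((base - new).elements())

if __name__ == "__main__":
    added, fixed = diff_scans(BASELINE, NEW)
    for defect in added:
        print("NEW:", defect[0], defect[-1])
    print(f"{len(added)} new, {len(fixed)} fixed since baseline")
    sys.exit(1 if added else 0)  # non-zero exit lets a release check fail on new issues
```

With line numbers stripped, two identical defects in one file share a fingerprint, so the comparison counts occurrences rather than treating the scan as a set.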
