[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdepimlibs Coverity Scan Report, Oct 14 2014
From:       Gilles Caulier <caulier.gilles () gmail ! com>
Date:       2014-10-16 17:29:19
Message-ID: CAHFG6sGo6NEYH=VW82VgCA1+jCi8n4tgeNgfi4Z4=h4JY5jz_g () mail ! gmail ! com
[Download RAW message or body]

Yes, Web interface is a pleasure to use and learn about dysfunctions.

I recommend highly to generalize Coverity SCAN for whole KDE. It's
really good static code analyzer Sure it give false positive but
mostly all are true, and sometime very instructive about code writing
from contributors.

Compared to cppcheck, Coverity can see in-deep dysfunctions where
cppcheck report nothing. I can see more false positive from cppcheck
than Coverity.

If you look opensource projects scanned by Coverity, you will seen all
most important on the world.

Gilles Caulier

2014-10-16 18:48 GMT+02:00 David Jarvie <djarvie@kde.org>:
> On Thu, October 16, 2014 2:06 pm, Gilles Caulier wrote:
>> 2014-10-16 12:29 GMT+02:00 Ben Cooksley <bcooksley@kde.org>:
>>> On Thu, Oct 16, 2014 at 8:53 PM, Gilles Caulier
>>> <caulier.gilles@gmail.com> wrote:
>>>> Allen,
>>>
>>> Hi Gilles,
>>>
>>>>
>>>> Just a workflow question : why to export Coverity report to CSV where
>>>> you can send automatically a mail to devel mailing list when scan is
>>>> complete, with a a list of new defect found in code.
>>>>
>>>> I use Coverity since more than one year with whole digiKam code, and
>>>> we have already fixed more than 500 entries detected. The Coverity web
>>>> interface is really more suitable than a export to CSV. Defect are
>>>> very well explained in source context, with all conditions used to
>>>> check implementation.
>>>>
>>>> The only constrain is to have an account for each contributors who
>>>> will fixed entries.
>>>
>>> I suspect that is why Allen is sending out the HTML/CSV output -
>>> because not everyone has access and it is helpful to have this
>>> information publicly accessible.
>>
>> All is configurable in Coverity interface. You can invite people and
>> attribute role.
>>
>> Web interface is so far more powerful to use than CSV, and permit a
>> time gain to fix issues.
>
> The CSV version doesn't contain line numbers, so it's impossible to know
> what code some of the issues refer to. I seem to remember that the web
> interface doesn't have that problem.
>
> --
> David Jarvie.
> KDE developer.
> KAlarm author - http://www.astrojar.org.uk/kalarm
>
[prev in list] [next in list] [prev in thread] [next in thread]