[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Can we make better use of Coverity?
From: |
Peter Maydell |
Subject: |
Re: [Qemu-devel] Can we make better use of Coverity? |
Date: |
Wed, 21 Jan 2015 12:57:49 +0000 |
On 21 January 2015 at 12:47, Markus Armbruster <address@hidden> wrote:
> We're using the Coverity Scan service[*]. We've put in some effort, and
> we've gotten some mileage out of it, but I feel we could get more.
>
> Judging from the report e-mail I have lying about, we're scanning about
> once a month on average. These reports cuts off after 20 new defects.
> When there are more, which is common, people have to go to the web
> dashboard to see them. When I get one with ten, I may have a look, when
> I get one "Showing 20 of 100 defect(s)", I despair of the task, and put
> it off.
Right, but coverity reports lots of stuff, much of which is either
wrong or just not very important. The interesting stats here are:
(1) the "high impact outstanding" buglist: we have just 33 of these
(2) the per-component lists: where somebody's been working on the
bug list for that component there are often not many bugs (there
are just 2 outstanding for "arm", for instance)
> I think we should scan much more regularly. Once a week, full auto?
I think a regular automated scan would be useful, yes.
> I further think we should send the e-mail report to the list, to have
> more eyes on it.
I agree that we'd benefit much more from more people seeing the
list of coverity reports.
-- PMM
Re: [Qemu-devel] Can we make better use of Coverity?, Paolo Bonzini, 2015/01/21