Обсуждение: Two Coverity Scan volunteers needed
Hackers, As you may have read, Coverity is running their static analysis tool ("Scan") against the PostgreSQL codebase daily: http://scan.coverity.com/ We need two (or more) PostgreSQL hackers to volunteer to regularly check the Coverity reports and either fix/forward the bugs found, or (more often) mark them as non-bugs in the Coverity system. This no longer requires extensive NDAs, so people who couldn't do it last time due to work conflicts shouldn't still have that problem. This should only require a couple hours a week of work, and would be an excellent contribution from a new hacker who wants an intensive way to learn the whole PostgreSQL code base. We should also get a core contributor signed up too, though. Please e-mail me if you can commit to helping with this, and I'll get you a login. -- Josh Berkus PostgreSQL @ Sun San Francisco
On Tue, 2008-02-26 at 11:33 -0800, Josh Berkus wrote: > We need two (or more) PostgreSQL hackers to volunteer to regularly check the > Coverity reports and either fix/forward the bugs found, or (more often) mark > them as non-bugs in the Coverity system. I take a look at this periodically. Apparently the last run of the tool for Postgres happened on October 30th -- do you know if there's a way to schedule more frequent runs? -Neil
Neil, > I take a look at this periodically. Apparently the last run of the tool > for Postgres happened on October 30th -- do you know if there's a way to > schedule more frequent runs? If we get volunteers set up, they will start running it daily. -- --Josh Josh Berkus PostgreSQL @ Sun San Francisco
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 26 Feb 2008 14:45:23 -0800 Josh Berkus <josh@agliodbs.com> wrote: > Neil, > > > I take a look at this periodically. Apparently the last run of the > > tool for Postgres happened on October 30th -- do you know if > > there's a way to schedule more frequent runs? > > If we get volunteers set up, they will start running it daily. Would there be a way to script the responses to flag us for things that are important? Joshua D. Drake - -- The PostgreSQL Company since 1997: http://www.commandprompt.com/ PostgreSQL Community Conference: http://www.postgresqlconference.org/ Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHxJlIATb/zqfZUUQRAtUrAKCFhy/ZSwVrxyko8zDCpq2z1JFZsgCfdK4g YkKMFzgmefGYmaV/oVj8seg= =O6Kz -----END PGP SIGNATURE-----
On Tue, 2008-02-26 at 14:57 -0800, Joshua D. Drake wrote: > Would there be a way to script the responses to flag us for things > that are important? I think you need human verification / analysis, which isn't an easy thing to script. -Neil
On 27/02/2008, Neil Conway <neilc@samurai.com> wrote: > I think you need human verification / analysis, which isn't an easy > thing to script. Is that site publicly accessible, do they have some sample output that one could examine in regards to Joshua's parsing idea? > -Neil Cheers, Andrej -- Please don't top post, and don't use HTML e-Mail :} Make your quotes concise. http://www.american.edu/econ/notes/htmlmail.htm
On Tue, Feb 26, 2008 at 02:57:12PM -0800, Joshua D. Drake wrote: > > If we get volunteers set up, they will start running it daily. > > Would there be a way to script the responses to flag us for things > that are important? There was (briefly) a way for them to send emails whenever something new was detected. That was kinda useful. However, the number of false positives is quite large. Maybe it got better but last time I checked (a while back admittedly) it didn't notice the ereport(ERROR,...) never returned. It is possible to export results, and I did that once for all the ECPG errors so the developers could fix them. Looking at the latest results it has a lot of warnings about dead-code in libstemmer, which is not entirely surprising given that it's generated code. Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > Those who make peaceful revolution impossible will make violent revolution inevitable. > -- John F Kennedy