Two Coverity Scan volunteers needed

Started by Josh Berkus almost 18 years ago, 7 messages
#1Josh Berkus
josh@agliodbs.com

Hackers,

As you may have read, Coverity is running their static analysis tool ("Scan")
against the PostgreSQL codebase daily: http://scan.coverity.com/

We need two (or more) PostgreSQL hackers to volunteer to regularly check the
Coverity reports and either fix/forward the bugs found, or (more often) mark
them as non-bugs in the Coverity system. This no longer requires extensive
NDAs, so people who couldn't do it last time due to work conflicts shouldn't
still have that problem.

This should only require a couple hours a week of work, and would be an
excellent contribution from a new hacker who wants an intensive way to learn
the whole PostgreSQL code base. We should also get a core contributor signed
up too, though.

Please e-mail me if you can commit to helping with this, and I'll get you a
login.

--
Josh Berkus
PostgreSQL @ Sun
San Francisco

#2Neil Conway
neilc@samurai.com
In reply to: Josh Berkus (#1)
Re: Two Coverity Scan volunteers needed

On Tue, 2008-02-26 at 11:33 -0800, Josh Berkus wrote:

We need two (or more) PostgreSQL hackers to volunteer to regularly check the
Coverity reports and either fix/forward the bugs found, or (more often) mark
them as non-bugs in the Coverity system.

I take a look at this periodically. Apparently the last run of the tool
for Postgres happened on October 30th -- do you know if there's a way to
schedule more frequent runs?

-Neil

#3Josh Berkus
josh@agliodbs.com
In reply to: Neil Conway (#2)
Re: Two Coverity Scan volunteers needed

Neil,

I take a look at this periodically. Apparently the last run of the tool
for Postgres happened on October 30th -- do you know if there's a way to
schedule more frequent runs?

If we get volunteers set up, they will start running it daily.

--
--Josh

Josh Berkus
PostgreSQL @ Sun
San Francisco

#4Joshua D. Drake
jd@commandprompt.com
In reply to: Josh Berkus (#3)
Re: Two Coverity Scan volunteers needed

On Tue, 26 Feb 2008 14:45:23 -0800
Josh Berkus <josh@agliodbs.com> wrote:

Neil,

I take a look at this periodically. Apparently the last run of the
tool for Postgres happened on October 30th -- do you know if
there's a way to schedule more frequent runs?

If we get volunteers set up, they will start running it daily.

Would there be a way to script the responses to flag us for things
that are important?

Joshua D. Drake

--
The PostgreSQL Company since 1997: http://www.commandprompt.com/
PostgreSQL Community Conference: http://www.postgresqlconference.org/
Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
PostgreSQL SPI Liaison | SPI Director | PostgreSQL political pundit


#5Neil Conway
neilc@samurai.com
In reply to: Joshua D. Drake (#4)
Re: Two Coverity Scan volunteers needed

On Tue, 2008-02-26 at 14:57 -0800, Joshua D. Drake wrote:

Would there be a way to script the responses to flag us for things
that are important?

I think you need human verification / analysis, which isn't an easy
thing to script.

-Neil

#6Andrej Ricnik-Bay
andrej.groups@gmail.com
In reply to: Neil Conway (#5)
Re: Two Coverity Scan volunteers needed

On 27/02/2008, Neil Conway <neilc@samurai.com> wrote:

I think you need human verification / analysis, which isn't an easy
thing to script.

Is that site publicly accessible, do they have some sample
output that one could examine in regards to Joshua's parsing
idea?

-Neil

Cheers,
Andrej

--
Please don't top post, and don't use HTML e-Mail :} Make your quotes concise.

http://www.american.edu/econ/notes/htmlmail.htm

#7Martijn van Oosterhout
kleptog@svana.org
In reply to: Joshua D. Drake (#4)
Re: Two Coverity Scan volunteers needed

On Tue, Feb 26, 2008 at 02:57:12PM -0800, Joshua D. Drake wrote:

If we get volunteers set up, they will start running it daily.

Would there be a way to script the responses to flag us for things
that are important?

There was (briefly) a way for them to send emails whenever something
new was detected. That was kinda useful. However, the number of false
positives is quite large. Maybe it got better but last time I checked
(a while back admittedly) it didn't notice the ereport(ERROR,...) never
returned.

It is possible to export results, and I did that once for all the ECPG
errors so the developers could fix them. Looking at the latest results
it has a lot of warnings about dead-code in libstemmer, which is not
entirely surprising given that it's generated code.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/


Those who make peaceful revolution impossible will make violent revolution inevitable.
-- John F Kennedy
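
The kind of false positive described in message #7, as an added illustration that is not part of the thread and is not PostgreSQL code: a reporting macro that returns for low severities but never returns for errors, with a hint that marks the code after an error-level call as unreachable. All names and level values are hypothetical, and `__builtin_unreachable()` is a GCC/Clang builtin.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical severity levels and names; not PostgreSQL's definitions. */
enum { LVL_LOG = 15, LVL_ERROR = 20 };

static jmp_buf recover_point;

/* Returns for LVL_LOG but leaves via longjmp for LVL_ERROR and above,
 * so it cannot carry a blanket "noreturn" attribute. */
static void report_finish(int level, const char *msg)
{
    fprintf(stderr, "level %d: %s\n", level, msg);
    if (level >= LVL_ERROR)
        longjmp(recover_point, 1);
}

/* The extra branch tells GCC and Clang that control stops here when the
 * level is an error; without it the call is assumed to return. */
#define REPORT(level, msg) \
    do { \
        report_finish((level), (msg)); \
        if ((level) >= LVL_ERROR) \
            __builtin_unreachable(); \
    } while (0)

static int deref_checked(const int *p)
{
    if (p == NULL)
        REPORT(LVL_ERROR, "null input");
    return *p; /* reported as a NULL dereference if REPORT is assumed to return */
}

/* Returns 0 and stores the value, or -1 if an error was reported. */
int safe_call(const int *p, int *out)
{
    if (setjmp(recover_point) != 0)
        return -1;
    *out = deref_checked(p);
    return 0;
}

int main(void)
{
    int x = 7, v = 0;
    printf("%d %d\n", safe_call(&x, &v), safe_call(NULL, &v));
    return 0;
}
```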