kdepimlibs Coverity Scan Report, Oct 14 2014

Gilles Caulier caulier.gilles at gmail.com
Thu Oct 16 18:29:19 BST 2014


Yes, the web interface is a pleasure to use and to learn about dysfunctions.

I highly recommend generalizing Coverity Scan to the whole of KDE. It's
a really good static code analyzer. Sure, it gives false positives, but
mostly all are true, and sometimes very instructive about code writing
from contributors.

Compared to cppcheck, Coverity can see in-depth dysfunctions where
cppcheck reports nothing. I can see more false positives from cppcheck
than from Coverity.

If you look at the open source projects scanned by Coverity, you will see
all the most important in the world.

Gilles Caulier

2014-10-16 18:48 GMT+02:00 David Jarvie <djarvie at kde.org>:
> On Thu, October 16, 2014 2:06 pm, Gilles Caulier wrote:
>> 2014-10-16 12:29 GMT+02:00 Ben Cooksley <bcooksley at kde.org>:
>>> On Thu, Oct 16, 2014 at 8:53 PM, Gilles Caulier
>>> <caulier.gilles at gmail.com> wrote:
>>>> Allen,
>>>
>>> Hi Gilles,
>>>
>>>>
>>>> Just a workflow question: why export the Coverity report to CSV when
>>>> you can automatically send a mail to the devel mailing list when the
>>>> scan is complete, with a list of new defects found in the code?
>>>>
>>>> I have used Coverity for more than one year with the whole digiKam code,
>>>> and we have already fixed more than 500 entries detected. The Coverity
>>>> web interface is really more suitable than an export to CSV. Defects are
>>>> very well explained in source context, with all conditions used to
>>>> check implementation.
>>>>
>>>> The only constraint is to have an account for each contributor who
>>>> will fix entries.
>>>
>>> I suspect that is why Allen is sending out the HTML/CSV output -
>>> because not everyone has access and it is helpful to have this
>>> information publicly accessible.
>>
>> Everything is configurable in the Coverity interface. You can invite
>> people and attribute roles.
>>
>> The web interface is by far more powerful to use than CSV, and permits
>> a time gain when fixing issues.
>
> The CSV version doesn't contain line numbers, so it's impossible to know
> what code some of the issues refer to. I seem to remember that the web
> interface doesn't have that problem.
>
> --
> David Jarvie.
> KDE developer.
> KAlarm author - http://www.astrojar.org.uk/kalarm
>




More information about the kde-core-devel mailing list