How do we submit build to Coverity Scan?
#1
Hi,

I was looking at the defect reports for Kodi on Coverity Scan as a part of my research. My goal is to track changes for the files where Coverity has detected an alert to understand how developers are responding to the alerts from static analysis tools. In short, for now, I am trying to match files on GitHub from Coverity Scan.

It would be greatly helpful if you can answer some of my queries,

1) There are multiple branches for this project. Do you test all the branches individually on Coverity Scan or do you only test the master branch?

2) While looking at Coverity Scan reports, I find some alerts whose file paths apparently don't exist on the master branch (e.g. 
cid: 1442921 - /usr/include/c++/7/bits/move.h; 
cid:1438977 - /tools/depends/xbmc-depends/x86_64-linux-gnu-debug/include/fmt/format.h).
Can you help me on where these files are located so that I can better understand how to track files on GitHub from Coverity reports?

3) Do you always run Coverity analysis on Kodi with the same configuration (for example, always analyzing the full master branch)?

If you can help me with these answers and any other suggestion on how can I track files on GitHub from the file path listed on Coverity Scan, it would be greatly helpful for me.

Thanks,
Nasif
Reply
#2
1) master
2) Those files are either depends (libfmt) or standard compiler include files, provided by e.g. libstdc++-7-dev (linux case)
3) yes

Example:
Quote:*** CID 1441972:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/build/build/xbmc/CompileInfo.cpp: 69 in CCompileInfo::GetBuildDate()()

File: xbmc/CompileInfo.cpp created from: https://github.com/xbmc/xbmc/blob/master...nfo.cpp.in
First decide what functions / features you expect from a system. Then decide for the hardware. Don't waste your money on crap.
Reply
#3
And: don't forget about the separate windows scan
First decide what functions / features you expect from a system. Then decide for the hardware. Don't waste your money on crap.
Reply
#4
can you elaborate "separate windows scan"?
Reply
#5
Kodi for Linux with X11 windowing: https://scan.coverity.com/projects/kodi
Kodi for Windows: https://scan.coverity.com/projects/kodi-win32
Reply
#6
Hello,

Thanks for answering my questions. I am a PhD student at North Carolina State University. As a part of our research project, we are looking at how developers respond to alerts from static analysis tools (e.g. Coverity). If anyone from Team Kodi can participate in a short survey answering how your project team monitors Coverity reports, that will help us greatly in our research.

Thanks,
Nasif
Reply
 
Thread Rating:
  • 0 Vote(s) - 0 Average



Logout Mark Read Team Forum Stats Members Help
How do we submit build to Coverity Scan?00