Thread

  1. Two Coverity Scan volunteers needed

    Josh Berkus <josh@agliodbs.com> — 2008-02-26T19:33:54Z

    Hackers,
    
    As you may have read, Coverity is running their static analysis tool ("Scan") 
    against the PostgreSQL codebase daily: http://scan.coverity.com/
    
    We need two (or more) PostgreSQL hackers to volunteer to regularly check the 
    Coverity reports and either fix/forward the bugs found, or (more often) mark 
    them as non-bugs in the Coverity system.  This no longer requires extensive 
    NDAs, so people who couldn't do it last time due to work conflicts shouldn't 
    still have that problem.
    
    This should only require a couple hours a week of work, and would be an 
    excellent contribution from a new hacker who wants an intensive way to learn 
    the whole PostgreSQL code base.  We should also get a core contributor signed 
    up too, though.
    
    Please e-mail me if you can commit to helping with this, and I'll get you a 
    login.
    
    -- 
    Josh Berkus
    PostgreSQL @ Sun
    San Francisco
    
    
  2. Re: Two Coverity Scan volunteers needed

    Neil Conway <neilc@samurai.com> — 2008-02-26T20:26:11Z

    On Tue, 2008-02-26 at 11:33 -0800, Josh Berkus wrote:
    > We need two (or more) PostgreSQL hackers to volunteer to regularly check the 
    > Coverity reports and either fix/forward the bugs found, or (more often) mark 
    > them as non-bugs in the Coverity system.
    
    I take a look at this periodically. Apparently the last run of the tool
    for Postgres happened on October 30th -- do you know if there's a way to
    schedule more frequent runs?
    
    -Neil
    
    
    
    
  3. Re: Two Coverity Scan volunteers needed

    Josh Berkus <josh@agliodbs.com> — 2008-02-26T22:45:23Z

    Neil,
    
    > I take a look at this periodically. Apparently the last run of the tool
    > for Postgres happened on October 30th -- do you know if there's a way to
    > schedule more frequent runs?
    
    If we get volunteers set up, they will start running it daily.
    
    -- 
    --Josh
    
    Josh Berkus
    PostgreSQL @ Sun
    San Francisco
    
    
  4. Re: Two Coverity Scan volunteers needed

    Joshua D. Drake <jd@commandprompt.com> — 2008-02-26T22:57:12Z

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    On Tue, 26 Feb 2008 14:45:23 -0800
    Josh Berkus <josh@agliodbs.com> wrote:
    
    > Neil,
    > 
    > > I take a look at this periodically. Apparently the last run of the
    > > tool for Postgres happened on October 30th -- do you know if
    > > there's a way to schedule more frequent runs?
    > 
    > If we get volunteers set up, they will start running it daily.
    
    Would there be a way to script the responses to flag us for things
    that are important? 
    
    Joshua D. Drake 
    
    
    - -- 
    The PostgreSQL Company since 1997: http://www.commandprompt.com/ 
    PostgreSQL Community Conference: http://www.postgresqlconference.org/
    Donate to the PostgreSQL Project: http://www.postgresql.org/about/donate
    PostgreSQL SPI Liaison | SPI Director |  PostgreSQL political pundit
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    
    iD8DBQFHxJlIATb/zqfZUUQRAtUrAKCFhy/ZSwVrxyko8zDCpq2z1JFZsgCfdK4g
    YkKMFzgmefGYmaV/oVj8seg=
    =O6Kz
    -----END PGP SIGNATURE-----
    
  5. Re: Two Coverity Scan volunteers needed

    Neil Conway <neilc@samurai.com> — 2008-02-26T23:49:43Z

    On Tue, 2008-02-26 at 14:57 -0800, Joshua D. Drake wrote:
    > Would there be a way to script the responses to flag us for things
    > that are important? 
    
    I think you need human verification / analysis, which isn't an easy
    thing to script.
    
    -Neil
    
    
    
    
  6. Re: Two Coverity Scan volunteers needed

    Andrej <andrej.groups@gmail.com> — 2008-02-27T00:29:33Z

    On 27/02/2008, Neil Conway <neilc@samurai.com> wrote:
    > I think you need human verification / analysis, which isn't an easy
    >  thing to script.
    Is that site publicly accessible, do they have some sample
    output that one could examine in regards to Joshua's parsing
    idea?
    
    >  -Neil
    Cheers,
    Andrej
    
    
    -- 
    Please don't top post, and don't use HTML e-Mail :}  Make your quotes concise.
    
    http://www.american.edu/econ/notes/htmlmail.htm
    
    
  7. Re: Two Coverity Scan volunteers needed

    Martijn van Oosterhout <kleptog@svana.org> — 2008-02-27T08:19:07Z

    On Tue, Feb 26, 2008 at 02:57:12PM -0800, Joshua D. Drake wrote:
    > > If we get volunteers set up, they will start running it daily.
    > 
    > Would there be a way to script the responses to flag us for things
    > that are important? 
    
    There was (briefly) a way for them to send emails whenever something
    new was detected. That was kinda useful. However, the number of false
    positives is quite large. Maybe it got better but last time I checked
    (a while back admittedly) it didn't notice the ereport(ERROR,...) never
    returned.
    
    It is possible to export results, and I did that once for all the ECPG
    errors so the developers could fix them. Looking at the latest results
    it has a lot of warnings about dead-code in libstemmer, which is not
    entirely surprising given that it's generated code.
    
    Have a nice day,
    -- 
    Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
    > Those who make peaceful revolution impossible will make violent revolution inevitable.
    >  -- John F Kennedy