[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Coverity and Apache buildbots.

From: Hyrum K Wright <hyrum.wright_at_wandisco.com>
Date: Sat, 26 May 2012 07:46:38 -0500

On Fri, May 25, 2012 at 3:09 PM, Pedro Giffuni <pfg_at_apache.org> wrote:
> Hello guys;
>
> Sorry to contact you about something somewhat off-topic but perhaps
> someone here can give me details (in private is OK) on how the Coverity
> scans are generated?
>
> On another Apache project we want to use coverity but infra@ is not
> aware about anything on their side that is required to enable it.

The Coverity scans are all done on their infrastructure, with reports
limited to people whom they have authorized to view them.

To be honest, it's been a long while since we as a project have done
anything meaningful with the Coverity reports. Their system works by
substituting their scanning compiler for the "normal" one and then
running the project build system. Some time ago, something about our
build system changed which broke their automation to the point where
the vast majority of the project wasn't being covered. To compound
problems, the link to login to fetch results went bad a few months
after that, and efforts to contact them to determine a fix have been
futile. While I personally am appreciative of the static analysis
tools Coverity provides, the lack of responsiveness has negated that
benefit.

In short, you need to contact Coverity directly, but it may take a lot
of effort.

If you are looking for static analysis tools, you may be interested in
the Clang static analyzer. I have found it to be pretty useful in
finding many of the same issues Coverity claims to find. You can find
more information about it here:
http://clang-analyzer.llvm.org/

Best,
-Hyrum

-- 
uberSVN: Apache Subversion Made Easy
http://www.uberSVN.com/
Received on 2012-05-26 14:47:14 CEST

This is an archived mail posted to the Subversion Dev mailing list.