Kodi Community Forum
How do we submit build to Coverity Scan? - Printable Version




How do we submit build to Coverity Scan? - nasif - 2019-03-18

Hi,

I was looking at the defect reports for Kodi on Coverity Scan as a part of my research. My goal is to track changes for the files where Coverity has detected an alert to understand how developers are responding to the alerts from static analysis tools. In short, for now, I am trying to match files on GitHub from Coverity Scan.

It would be greatly helpful if you can answer some of my queries:

1) There are multiple branches for this project. Do you test all the branches individually on Coverity Scan or do you only test the master branch?

2) While looking at Coverity Scan reports, I find some alerts whose file paths apparently don't exist on the master branch (e.g. cid: 1442921 - /usr/include/c++/7/bits/move.h; cid: 1438977 - /tools/depends/xbmc-depends/x86_64-linux-gnu-debug/include/fmt/format.h).
Can you help me on where these files are located so that I can better understand how to track files on GitHub from Coverity reports?

3) Do you always run Coverity analysis on Kodi with the same configuration (for example, always analyzing the full master branch)?

If you can help me with these answers and any other suggestion on how I can track files on GitHub from the file path listed on Coverity Scan, it would be greatly helpful for me.

Thanks,
Nasif


RE: How do we submit build to Coverity Scan? - fritsch - 2019-03-19

1) master
2) Those files are either depends (libfmt) or standard compiler include files, provided by e.g. libstdc++-7-dev (linux case)
3) yes

Example:
Quote:
*** CID 1441972:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/build/build/xbmc/CompileInfo.cpp: 69 in CCompileInfo::GetBuildDate()()

File: xbmc/CompileInfo.cpp created from: https://github.com/xbmc/xbmc/blob/master/xbmc/CompileInfo.cpp.in
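
The path mapping described in the reply above, as an added example that is not part of the original post and is not Kodi or Coverity tooling. It assumes the build-root prefix `/build/build/` seen in the one quoted defect, treats `/usr/include/` as compiler or system headers, and uses a small constructed list of tracked files in place of a real repository listing.

```python
import posixpath

# Assumptions for illustration: prefixes are taken from the paths quoted in
# the thread; TRACKED is a constructed stand-in for `git ls-files` output.
BUILD_ROOT = "/build/build/"
DEPENDS_MARKER = "/tools/depends/xbmc-depends/"
SYSTEM_PREFIX = "/usr/include/"
TRACKED = {"xbmc/CompileInfo.cpp.in", "xbmc/Application.cpp"}


def classify(coverity_path, tracked_files=TRACKED):
    """Map a file path from a Coverity report to (kind, repo_path).

    kind is one of:
      system-header  compiler/libc headers, not in the repository
      depends        third-party dependency built under tools/depends
      tracked        file exists in the repository under repo_path
      generated      build output whose template (<name>.in) is tracked
      unknown        no match; needs manual review
    """
    path = posixpath.normpath(coverity_path)
    if path.startswith(SYSTEM_PREFIX):
        return ("system-header", None)
    if DEPENDS_MARKER in path:
        return ("depends", None)
    # Strip the build root so the remainder is repository-relative.
    if path.startswith(BUILD_ROOT):
        rel = path[len(BUILD_ROOT):]
    else:
        rel = path.lstrip("/")
    if rel in tracked_files:
        return ("tracked", rel)
    # Files such as CompileInfo.cpp are created at build time from a
    # tracked template with an added ".in" suffix.
    if rel + ".in" in tracked_files:
        return ("generated", rel + ".in")
    return ("unknown", None)


if __name__ == "__main__":
    samples = [
        "/build/build/xbmc/CompileInfo.cpp",
        "/usr/include/c++/7/bits/move.h",
        "/tools/depends/xbmc-depends/x86_64-linux-gnu-debug/include/fmt/format.h",
        "/build/build/xbmc/Application.cpp",  # constructed sample path
    ]
    for sample in samples:
        print(sample, "->", classify(sample))
```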


RE: How do we submit build to Coverity Scan? - fritsch - 2019-03-19

And: don't forget about the separate Windows scan


RE: How do we submit build to Coverity Scan? - nasif - 2019-03-19

Can you elaborate on "separate windows scan"?


RE: How do we submit build to Coverity Scan? - Rechi - 2019-03-20

Kodi for Linux with X11 windowing: https://scan.coverity.com/projects/kodi
Kodi for Windows: https://scan.coverity.com/projects/kodi-win32


RE: How do we submit build to Coverity Scan? - nasif - 2019-04-18

Hello,

Thanks for answering my questions. I am a PhD student at North Carolina State University. As a part of our research project, we are looking at how developers respond to alerts from static analysis tools (e.g. Coverity). If anyone from Team Kodi can participate in a short survey answering how your project team monitors Coverity reports, that will help us greatly in our research.

Thanks,
Nasif


RE: How do we submit build to Coverity Scan? - nasif - 2019-08-21

Hi everybody,

We finished a paper on open source projects' Coverity usage in May, which will be published in ISSRE'19.

Thanks for your help in giving me access to Coverity data.

I'd love to hear your feedback on this whenever you have time. 
Also, based on your experience of using static analysis tools, I'd love to hear if you have any future research suggestions.

Thanks again,
Nasif