Re: [Audacity-devel] Coverity setup for audacity
From: Vaughan J. <va...@au...> - 2013-08-14 00:35:20
On 8/12/2013 4:58 PM, Martyn Shaw wrote:
> Thanks Campbell! +1.
>
> Wow! That's some smart code! I see that it has identified more than
> 170 issues, some of which are like a possible 'divide by zero' buried
> in more than 20 conditionals, or something like that.
>
> I assume that some of these 'problems' identified correspond to issues
> on our bugzilla. If only we knew which corresponded to which, it
> would be a great tool!
>
> Also, I assume that some of these are 'false positives', but it would
> take a better C++ person than me to identify them quickly.

Btw, I ran Sentry on Audacity about a year and a half ago (prior to
releasing 2.0.0). They told me they'd renew the license, but I'd need to
request it about every 3 months and I haven't done so. They turned up
lots of bugs, but nowhere near priority of our P1 or P2 bugs, so I did
primarily the obviously dangerous ones it turned up. Iirc, cppcheck was
less useful.

It's definitely a lot of work to filter which are consequential, but
worth a shot.

>
> On 12/08/2013 02:21, Campbell Barton wrote:
>> Added Martyn as an admin, invite sent to Vaughan - as admin too.
>
> Thanks.

Thanks. Haven't received an email about it.

>
>> Note, there are quite a lot of reports in 3rd party libraries (lib-src),
>> some of them that are almost certainly real bugs I've submitted
>> patches upstream.
>
> And thanks for that.
>
>> But this is mostly noise and I've masked out for now, if anyone wants
>> these back on again just ask.
>
> No, I'll leave it for them - enough to deal with here!

Indeed. That's been our policy all along.

>
>> From my experience - the best way to use this is to go over all
>> reports fixing or marking as `false-positives` or `intentional` (over
>> some weeks/months - no rush).
>
> What experience do you have with this? It sounds like you have used
> it extensively, and you certainly have submitted useful patches using
> it that Vaughan committed.
>
>> Then run the tests weekly or so. The best benefit you get then is
>> alerting of newly created issues which can be fixed before users
>> complain about them in a release.

Yes. Unfortunately, I've had other priorities, so haven't run Sentry or
cppcheck in a while.

>
> That sounds like a good tip, if we don't have 170+ issues! :-)
>
>> Also I wouldn't bother with manually submitting builds, that's why I
>> set up a shell-script for that.

Thanks.

>
> So, are you volunteering to fix/mark off/flag the issues and keep a
> watch on it for us? That would be most useful! ;-)
>
> My big question is, is it really worth fixing all the issues flagged?
> Is it a benefit for the time it would take?

I'll probably weigh in on that after I see the results. :-)

- V

>
> TTFN
> Martyn
>
>> On Mon, Aug 12, 2013 at 9:33 AM, Vaughan Johnson
>> <va...@au...> wrote:
>>> Actually the commits I made were based on what Campbell reported, I
>>> haven't had time yet to look at the service. Campbell, please do invite
>>> me to participate. And likewise, thanks for setting it up. :-)
>>>
>>> Thanks!
>>>
>>> - V
>>>
>>>
>>> On 8/11/2013 1:23 PM, Martyn Shaw wrote:
>>>> Hi Campbell
>>>>
>>>> This looks interesting and thanks for doing it for us! I see that
>>>> Vaughan has committed some changes as a result of using it.
>>>>
>>>> Please give me access to these results, just for interest.
>>>>
>>>> Thanks
>>>> Martyn
>>>>
>>>> On 05/08/2013 21:10, Campbell Barton wrote:
>>>>> Hi, I've set up audacity with scan.coverity.com and uploaded some builds,
>>>>> (Recent patch I sent in fixing leaks was from checking coverity reports).
>>>>>
>>>>> Screenshot:
>>>>> http://www.graphicall.org/ftp/ideasman42/audacity_coverity_example.png
>>>>>
>>>>> The way it works at the moment is anyone who is interested to view
>>>>> error reports needs to be invited, so feel free to mail me and I'll
>>>>> add you as a member.
>>>>> If existing devs want admin access so you don't have to rely on me for
>>>>> this, happy to add other admins too.
>>>>>
>>>>> I've looked over the results and it looks like it has found some more
>>>>> real errors.
>>>>>
>>>>> In case anyone's interested, here's the shell script I use to automate
>>>>> uploading new builds.
>>>>> https://github.com/ideasman42/home/blob/master/bin/cov_build_audacity.sh
>>>>>
>>>>>
>>>>> Note that I have no affiliation with Coverity and anyone can get a
>>>>> login and set this up for open source projects,
>>>>> I'd prefer not to use closed-source online applications, but their
>>>>> service is free-as-in-beer and quite good quality.
>>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Get 100% visibility into Java/.NET code with AppDynamics Lite!
>>>> It's a free troubleshooting tool designed for production.
>>>> Get down to code-level detail for bottlenecks, with <2% overhead.
>>>> Download for free and get started troubleshooting in minutes.
>>>> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
>>>> _______________________________________________
>>>> audacity-devel mailing list
>>>> aud...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/audacity-devel