2014-03-15, 14:31
Hi,
I was wondering if there are any plans to do more regular Coverity builds? As I believe the value of static analysis is in the regularity of it saying stuff has changed/broken.
The current xbmc project is on:
https://scan.coverity.com/projects/248
and last had a build 4 months ago.
Looking over the current list of Coverity issues there are a fair number that wouldn't be hard to fix (uninitialized variables in class constructors seem to be the biggest offender), but without fresh scans it'd be hard to confirm that they get fixed.
I believe it would also help raise the "quality" as Coverity can help avoid silly mistakes creeping in.
From what I can tell Coverity offers the option to feed scan data from various sources, or run actual builds. I suspect that Jenkins could do Coverity builds, nightly or weekly, and push the results. The advantage with Jenkins doing it would probably be platform coverage, as it would then do Windows and Linux.
Another option may be to use travis_ci to do a Coverity build:
https://scan.coverity.com/travis_ci
I would offer to assist, but it needs access to various things which I don't have (and don't expect to have, as I'm new around here).
I could cheat the system, and add my GitHub fork of xbmc to it, but that would seem to defeat the purpose, although perhaps it would let me generate fixes and confirm that the fix resolves the issue.
If anyone was wondering what some of the issues it finds are, I fixed a few here (null de-ref checks missing/wrong place, resource leak and incorrect exception thrown):
https://github.com/xbmc/xbmc/pull/4431
It's also pointed out things that are just strange (which I will raise as a bug), e.g. this loop:
https://github.com/xbmc/xbmc/blob/master...o.cpp#L469
It leaks a resource, as dsub is not freed or referenced; I suspect it should be adding the dsub to the stream.
And the i++ is unreachable, because the return true is inside the loop.
I would take a stab at fixing it, but I know nothing about the subtitles code and what the desired behaviour is.
Thoughts,
Chris
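
Added example (not part of the original post, and not the XBMC source): a constructed C++ reduction of the loop pattern described above, next to one possible fix that assumes the intent was to attach each entry to the stream. `Sub`, `Stream`, `load_buggy`, `load_fixed` and `leaked_after` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Constructed illustration; Sub and Stream are hypothetical stand-ins, not XBMC types.
static int g_live = 0;  // number of live Sub objects, so a leak is observable
struct Sub {
    int index;
    explicit Sub(int i) : index(i) { ++g_live; }
    ~Sub() { --g_live; }
};
struct Stream { std::vector<std::unique_ptr<Sub>> subs; };

// Defect pattern as described in the post: the object is allocated but never
// stored or freed, and the unconditional return makes the increment unreachable.
bool load_buggy(Stream& s, std::size_t count) {
    (void)s;                                    // the stream is never touched
    for (std::size_t i = 0; i < count; i++) {   // i++ never executes
        Sub* dsub = new Sub(static_cast<int>(i));
        (void)dsub;                             // not attached, not deleted: leak
        return true;                            // leaves after the first pass
    }
    return false;
}

// One possible fix (assumption: every entry should end up owned by the stream).
bool load_fixed(Stream& s, std::size_t count) {
    for (std::size_t i = 0; i < count; i++) {
        std::unique_ptr<Sub> dsub(new Sub(static_cast<int>(i)));
        s.subs.push_back(std::move(dsub));      // ownership moves to the stream
    }
    return count > 0;
}

// Runs a loader on a scratch stream and returns how many Sub objects
// are still alive once that stream has been destroyed.
int leaked_after(bool (*load)(Stream&, std::size_t), std::size_t count) {
    const int before = g_live;
    {
        Stream s;
        load(s, count);
    }
    return g_live - before;
}

int main() {
    std::printf("buggy leaks: %d\n", leaked_after(load_buggy, 3));
    std::printf("fixed leaks: %d\n", leaked_after(load_fixed, 3));
    return 0;
}
```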