[[PageOutline]] == What is Coverity? == "Coverity Prevent is a static code analysis tool for C, C++, C# and Java source code. It is a commercial product which originated as the Stanford Checker, which used abstract interpretation to identify defects in source code." [http://en.wikipedia.org/wiki/Coverity Wikipedia] [http://scan.coverity.com/ The Coverity Scan Initiative] [http://scan.coverity.com/developers-faq.html Dev FAQ] Haiku is currently a [http://scan.coverity.com/rung1.html Rung 1 project]. == Prerequisites for Use == 1. Commit rights to Haiku's source repository 2. Coverity account (Ask Urias McCullough (umccullough@gmail.com) - he coordinates with Coverity's admins) 3. Accepting the TOS upon first login (see: http://scan.coverity.com/policy.html ) == Workflow == * Log on to [[http://scan.coverity.com:9065|Haiku's Coverity website]]. (Review account info you were given - accessing either via http://scan.coverity.com:9065 or http://scan2.coverity.com:9065 should work) * Look up a Haiku defect * Assess and assign the defect. (To yourself, most likely.) * Commit fixes to defects assigned to you. Mention the CID number in the commit message. ("Bug so and so. CID XXXX.") * Mark the defect as resolved. Mentioning the commit revision number. ("fixed in rXXXXX") == Query hints == Use "Edit Query" button in the top right corner: * Query for: "Individual Defects" * Helpful to use File name to filter query - Example: servers/app - lists all defects in the app_server * Listboxes support mult-select by holding down Shift or Ctrl key WARNING: Occasionally a CID will apply to multiple files - the filter will hide this fact. I suspect this is a bug in Coverity's processing. == Source to avoid == * 3rd party code? == Source that needs special treatment == * Kernel/app_server/input_server/registrar? == Please do == * some text here == Please don't == * some text here == Common defects and their resolutions == * STACK_USE - Not really a bug. It turns out that the new version of the Coverity software automatically enabled this checker with default values, when it had been disabled before. This checker is usually used to analyze for defects in kernel or embedded system code which have tight stack limits. For Haiku, "Ignore" is probably the best resolution for now. == Runs submitted == * Run 10: r42464 nightly-raw with GPL gcc4 build processed on 2011-07-26 * Run 09: r41462 nightly-raw gcc4 build processed on 2011-05-12 * Run 08: r40855 nightly-raw with GPL gcc4 build processed on 2011-03-08 * Run 07: r39894 nightly-raw gcc4 build processed on 2010-12-19 * Run 06: r37534 nightly-raw gcc2hybrid build processed on 2010-07-20 * Run 05: Deleted due to issue with submission * Run 04: r28644 haiku-image gcc2 build processed on 2008-11-18 * Run 03: r27211 haiku-image gcc2 build processed on 2008-09-03 * Run 02: Deleted due to issue with submission * Run 01: r25116 haiku-image gcc2 build processed on 2008-05-21 == Coverity Users == Accounts already created: * aldeck * aljen * anevilyak * axeld * bonefish * brechtm * czeidler * dlmcpaul * dr_evil * emitrax * jackburton * julun * kallisti5 * kirilla * korli * laplace * leavengood * mauricek * mmadia * mmlr * mmu_man * modeenf * nielx * PulkoMandy * scottmc * stippi * stpere * tqh * umccullough * yourpalal * zooey * siarzhuk == Known issues to be resolved by Coverity == * Haiku's listing on the Rung page(s) * does not have a clickable project site link * does not have updated statistics (defect count, LOC, etc.) * does not have a working "Sign in" link * We cannot yet administer the list of users with access * We cannot yet administer extra features such as "Product" and "Component" * Coverity's login page initially complains about browser version, but works anyway