Peter Maydell <peter.mayd...@linaro.org> writes: > On 21 January 2015 at 12:47, Markus Armbruster <arm...@redhat.com> wrote: >> We're using the Coverity Scan service[*]. We've put in some effort, and >> we've gotten some mileage out of it, but I feel we could get more. >> >> Judging from the report e-mail I have lying about, we're scanning about >> once a month on average. These reports cuts off after 20 new defects. >> When there are more, which is common, people have to go to the web >> dashboard to see them. When I get one with ten, I may have a look, when >> I get one "Showing 20 of 100 defect(s)", I despair of the task, and put >> it off. > > Right, but coverity reports lots of stuff, much of which is either > wrong or just not very important. The interesting stats here are: > (1) the "high impact outstanding" buglist: we have just 33 of these > (2) the per-component lists: where somebody's been working on the > bug list for that component there are often not many bugs (there > are just 2 outstanding for "arm", for instance)
I agree the sky is most definitely not falling. The defect density is quite uneven (see appended table). "arm" is in good shape indeed, and the largest low-density component. Top-scorers are bt, slirp and 9pfs. Figures; they feel barely maintained these days. >> I think we should scan much more regularly. Once a week, full auto? > > I think a regular automated scan would be useful, yes. Need a volunteer to script that. Any takers? >> I further think we should send the e-mail report to the list, to have >> more eyes on it. > > I agree that we'd benefit much more from more people seeing the > list of coverity reports. I figure that's just a matter of creating a dummy member with the list address. Any objections? Defect density by component, from https://scan.coverity.com/projects/378?tab=overview Component Name Line of Code Defect density bt 4,610 1.74 slirp 6,968 1.44 9pfs 9,493 1.37 user 32,263 0.68 mips 34,321 0.52 Other 390,967 0.51 net 29,412 0.44 lm32 2,836 0.35 ui 43,771 0.32 block 55,171 0.31 ppc 50,323 0.28 disas 38,362 0.26 i386 36,786 0.22 migration 5,249 0.19 usb 26,524 0.19 m68k 5,533 0.18 s390 17,171 0.17 sparc 14,677 0.14 tricore 7,801 0.13 pci 11,292 0.09 scsi 14,521 0.07 arm 69,085 0.01 cris 6,341 0.00 libcacard 3,779 0.00 microblaze 3,482 0.00 monitor 30,044 0.00 nbd 1,714 0.00 openrisc 3,102 0.00 tcg 10,659 0.00 trace 9,090 0.00 unicore32 3,191 0.00 xtensa 7,393 0.00 The size of "Other" shows that our component definitions could use a little love, too :)
