Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: MythTV: Dev

status of MythTV wrt Coverity Scan

 

 

First page Previous page 1 2 Next page Last page  View All MythTV dev RSS feed   Index | Next | Previous | View Threaded


gjhurlbu at gmail

May 9, 2012, 5:20 PM

Post #26 of 38 (1152 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Wed, May 9, 2012 at 5:18 PM, Stuart Morgan <stuart [at] tase> wrote:
> We should restrict it to official devs for now because it's not a read-only
> thing and we don't want just anyone modifying the severity/resolution of
> warnings. Much as the help would be appreciated we don't want the hard work of
> triaging to be undone either accidentally or maliciously.
>
> An official dev is anyone with a mythtv.org email address and we should sign
> people up with those addresses.

Sounds like a plan. Please sign me up with ghurlbut [at] mythtv
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


jyavenard at gmail

May 9, 2012, 5:27 PM

Post #27 of 38 (1147 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On 10 May 2012 10:20, Gavin Hurlbut <gjhurlbu [at] gmail> wrote:
> Sounds like a plan.  Please sign me up with ghurlbut [at] mythtv

Me too:

jyavenard [at] mythtv

thanks
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

May 9, 2012, 5:28 PM

Post #28 of 38 (1155 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Wed, May 9, 2012 at 8:20 PM, Gavin Hurlbut <gjhurlbu [at] gmail> wrote:
> On Wed, May 9, 2012 at 5:18 PM, Stuart Morgan <stuart [at] tase> wrote:
>> We should restrict it to official devs for now because it's not a read-only
>> thing and we don't want just anyone modifying the severity/resolution of
>> warnings. Much as the help would be appreciated we don't want the hard work of
>> triaging to be undone either accidentally or maliciously.
>>
>> An official dev is anyone with a mythtv.org email address and we should sign
>> people up with those addresses.
>
> Sounds like a plan.  Please sign me up with ghurlbut [at] mythtv

You should have received an account notification already.

So far I've created accounts for Gavin, Chris Pinkham, Daniel
Kristjansson, JYA, Nicolas Riendeau, Robert Kulagowski, Michael Dean,
Stuart Morgan, and Raymond Wagner.

In addition, there are accounts for myself, a generic "coverity"
account, and a DV account (the contact at Coverity that set all this
up for us).

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


pc-mythtv08a at crowcastle

May 9, 2012, 5:40 PM

Post #29 of 38 (1155 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

In my experience with Coverity, while many of the defects will be false
positives, most of the time changing the code to avoid the false
positive results in cleaner code. I've also seen lots of developers
flag defects as false positives only to go back later and fix them
because it turned out that Coverity was right. As a general rule, I now
either change the code, or add a comment on the line in question
explaining why Coverity isn't happy.
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

May 9, 2012, 6:02 PM

Post #30 of 38 (1158 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Wed, May 9, 2012 at 8:40 PM, Preston Crow
<pc-mythtv08a [at] crowcastle> wrote:
> In my experience with Coverity, while many of the defects will be false
> positives, most of the time changing the code to avoid the false positive
> results in cleaner code.

Sometimes that's true.

Often a false positive happens when following an impossible code path
which, if Coverity were a little smarter, it should be able to figure
out was impossible. However, this kind of code is often brittle.
Future edits might make such paths possible, so code becomes more
robust if the defect is "fixed".

Other times Coverity is just plain wrong and is best just ignored.

Over the last few months I've been testing clang, Coverity, and
Klocwork. Coverity has been the clear leader.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


mythtv at comhem

May 10, 2012, 12:53 AM

Post #31 of 38 (1141 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On 2012-05-10 02:28, Eric Sharkey wrote:
> On Wed, May 9, 2012 at 8:20 PM, Gavin Hurlbut<gjhurlbu [at] gmail> wrote:
>> On Wed, May 9, 2012 at 5:18 PM, Stuart Morgan<stuart [at] tase> wrote:
>>> We should restrict it to official devs for now because it's not a read-only
>>> thing and we don't want just anyone modifying the severity/resolution of
>>> warnings. Much as the help would be appreciated we don't want the hard work of
>>> triaging to be undone either accidentally or maliciously.
>>>
>>> An official dev is anyone with a mythtv.org email address and we should sign
>>> people up with those addresses.
>>
>> Sounds like a plan. Please sign me up with ghurlbut [at] mythtv
>
> You should have received an account notification already.
>
> So far I've created accounts for Gavin, Chris Pinkham, Daniel
> Kristjansson, JYA, Nicolas Riendeau, Robert Kulagowski, Michael Dean,
> Stuart Morgan, and Raymond Wagner.
>
> In addition, there are accounts for myself, a generic "coverity"
> account, and a DV account (the contact at Coverity that set all this
> up for us).

Hi Eric,

Please sign me up as well.

jlindblad [at] mythtv

Cheers
Jonatan
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

May 15, 2012, 1:53 PM

Post #32 of 38 (1112 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Mon, May 7, 2012 at 11:07 AM, Stuart Morgan <stuart [at] tase> wrote:
> We can use one of the buildbots to supply the binaries they need. We should
> discuss that with Gavin.

Gavin, how do the buildbots work? Do they build both core mythtv and
the plugins?

Coverity requires a single command to do the build, so getting the
plugins included in the Coverity scan will need a script that can
build everything in one shot. If the buildbot already does something
like this, then I think the next step is to get the Coverity build
running on one of the buildbots, otherwise I can hack something
together and do another manual build with updated sources and
including the plugins this time.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


stuart at tase

May 30, 2012, 4:33 AM

Post #33 of 38 (1053 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Monday 07 May 2012 16:54:00 Eric Sharkey wrote:
> Since everyone seemed to want master, I did master. I only did the
> core mythtv sources, not the plugins. Is there any reason not to go
> ahead and submit this to Coverity tonight?

Can we get the plugins included in the next run? I suspect that it will find a
few issues, especially idiotic mistakes like the recent memory/file handle
leaks in the mythmusic metadata classes (all my fault).

Also more information about what we need to do to feed in updated
source/builds from buildbot would be good. Exactly what do they need from a
build? Do they pull from us or do we upload to them? This can go off list if
necessary.
--
Stuart Morgan
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

May 30, 2012, 6:36 AM

Post #34 of 38 (1059 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Wed, May 30, 2012 at 7:33 AM, Stuart Morgan <stuart [at] tase> wrote:
> On Monday 07 May 2012 16:54:00 Eric Sharkey wrote:
>> Since everyone seemed to want master, I did master.  I only did the
>> core mythtv sources, not the plugins.  Is there any reason not to go
>> ahead and submit this to Coverity tonight?
>
> Can we get the plugins included in the next run?

Yes. I just need to script it into a single build. I've been a bit
under the weather lately and spent most of the last weekend on the
couch.

> Also more information about what we need to do to feed in updated
> source/builds from buildbot would be good. Exactly what do they need from a
> build? Do they pull from us or do we upload to them? This can go off list if
> necessary.

We push a URL to them which they then download.

For scripting into an automated build, they recommended curl for this:

curl --data "project=PROJECT&password=YOURPASSWORD&email=YourEmail&url=YourDownloadLocation"
http://scan5.coverity.com/cgi-bin/submit_build.py

PROJECT is MythTV (case sensitive). I'll send the value of
YOURPASSWORD off list.

Some comments from Dakshesh at Coverity:


---
I noted that the defects arising from the files /external/.* and
/usr/include/qt4, were set as "Ignore"

There is much easy way to do that, we can simply create a component
'external' with all the files under /exclude/.* folder and will be
used for analysis, but will be ignored for defects.
I have created 4 components external (/external/.*) , qt4
(/usr/include/qt4), programs (/programs/.*), and user_include
(/usr/include/.*), and set not to show defects from 2 components
external and usr_include components, that will get rid off 400
defects. This can be done at the way beginning as well when we first
create the project.
And, it will not show the defects from those component at all in the reports/UI.

Let me know if you have any further questions or need clarification.
---
From my Google alert, I came across this blog about Coverity SCAN and
MythTV www.gossamer-threads.com/lists/mythtv/dev/516380

I noticed that there was a discussion about "read-only user".

Most of our Customers usually have Maintainer-user and read-only
users, where 'Maintainer-user' can view defects; triage the defects
AND assign the defects to others user, whereas 'read-only users' can
only view the defects(no triage). 'read-only users' fixes the Source
Code based on triage action decided by Maintainer/Developer user.

Currently we do NOT have 'read-only user' feature in Coverity SCAN,
which is dedicated only for Open Source project.
We can probably provide this by adding checkbox in create user screen
to create user with read-only permission.
Let me know if the discussion was about 'read-only user' in SCAN, and
if you guys are interested, we can add that in Coverity SCAN.
---


I haven't yet gotten back to him wrt either of these.

I don't think the read-only user as described above would be quite
right for MythTV's needs. Ideally, there should be a guest account
that is able to triage bugs but only into certain categories. (e.g. a
guest user should be able to move a defect report from Unclassified to
"Probable Bug" or "Probable False Positive" but not change the status
of a defect already classified as Bug/FP and not be able to classify
defects as Bug/FP.) This would allow anyone to participate in the
triage process without interfering with developer actions.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

Jun 2, 2012, 5:46 PM

Post #35 of 38 (1042 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On 5/30/12, Stuart Morgan <stuart [at] tase> wrote:
> Can we get the plugins included in the next run?

I have a stupid newbie question. How does one normally compile the plugins?

More specifically, I have MythTV 0.25 installed in standard places on
all of my systems, and the source for master under my home. I've
configured mythtv with a --prefix to set the installation directory,
then built and installed it. Then, when compiling the plugins, I used
the same --prefix, but the build fails in mytharchivehelper. The
reason being that the g++ comand line has -L/usr/lib before
-L${prefix}/lib so it resolves -lmythavcodec to the 0.25 version, but
that doesn't work because I get an undefined reference to symbol
'avcodec_open2@@LIBAVCODEC_54'.

Now, obviously I could fix this by either uninstalling myth 0.25 or by
compiling within a chroot, but it seems like there's probably a
simpler way and I'm just missing it. Is there a simple solution for
building one version of mythtv on a system with a different version in
/usr/lib?

If not, I'll just chroot it.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

Jun 3, 2012, 10:51 AM

Post #36 of 38 (1032 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On 6/2/12, Eric Sharkey <eric [at] lisaneric> wrote:
> If not, I'll just chroot it.

I think I've got the chroot all set up now with the various
dependencies installed. I'm re-running the coverity analysis now.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


eric at lisaneric

Jun 3, 2012, 5:30 PM

Post #37 of 38 (1032 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On Wed, May 30, 2012 at 7:33 AM, Stuart Morgan <stuart [at] tase> wrote:
> Can we get the plugins included in the next run? I suspect that it will find a
> few issues, especially idiotic mistakes like the recent memory/file handle
> leaks in the mythmusic metadata classes (all my fault).

The results of the next run are up on Coverity's site now, including
the plugins. I haven't looked at the results in detail yet.

Eric
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev


danielk at cuymedia

Jun 4, 2012, 6:25 AM

Post #38 of 38 (1029 views)
Permalink
Re: status of MythTV wrt Coverity Scan [In reply to]

On 06/02/2012 08:46 PM, Eric Sharkey wrote:
> On 5/30/12, Stuart Morgan<stuart [at] tase> wrote:
>> Can we get the plugins included in the next run?
>
> I have a stupid newbie question. How does one normally compile the plugins?
>
> More specifically, I have MythTV 0.25 installed in standard places on
> all of my systems, and the source for master under my home. I've
> configured mythtv with a --prefix to set the installation directory,
> then built and installed it. Then, when compiling the plugins, I used
> the same --prefix, but the build fails in mytharchivehelper. The
> reason being that the g++ comand line has -L/usr/lib before
> -L${prefix}/lib so it resolves -lmythavcodec to the 0.25 version, but
> that doesn't work because I get an undefined reference to symbol
> 'avcodec_open2@@LIBAVCODEC_54'.

This should work. The .pro file should be re-adding the /usr/lib after
it ads the mythtv directories this will put them later in the link line
and allow things to work properly.

-- Daniel
_______________________________________________
mythtv-dev mailing list
mythtv-dev [at] mythtv
http://www.mythtv.org/mailman/listinfo/mythtv-dev

First page Previous page 1 2 Next page Last page  View All MythTV dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.