On Aug 4, 2010, at 9:31 AM, Vaughn Spurlin wrote:
Here's my plan for getting started, to be adjusted based on experience.
I've requested membership in the Inkscape Bug Team. That seems like a more focused group for discussion about bugs found by Coverity analysis.
I agree with ~suv that "coverity" is a good tag for these bugs. I'm OK with any other tag the bug team prefers.
I'll just start filing bugs as soon I find out what tag to use. After filing a bunch, I'll come back and add comments with a suggested fix. I don't expect to fix them all, so anyone else is welcome to contribute their fix first. I'll alternate between adding bugs and adding fixes.
Hi Vaughn. Thanks for the assistance here.
I think, though, that we might want to hold off on a slew of bug reports right off the bat. There are several ways to address things, and many of them should be corrected by more architectural changes.
However... I think the main point would be to see if Coverity still can facilitate access to the runs and live instance itself. Do you know anything about this? Anyway, it's much much nicer to actually interact with Coverity's data and tracking directly so that we can do things such as spot patterns, compare runs, flag various issues, etc.
Among other things, getting ongoing analysis running will help pretty quickly. *Especially* with how dynamic our codebase will be, and how spotty the paid work to correct issues is (aka all volunteer).
Oh, and I agree with you about the details that SA can bring, and how the issues such as dealing with dead code are addressed. We've had to restore things a few times that people had attributed to code being dead that wasn't, and were missing the big picture to catch the real solution. It's definitely an area we want to keep focused and help with.
And, yes, I've used Coverity and other tools in the past. I definitely like the product, and the SA it does can really help more than most expect. We're actually at a good point for that now. Over the last few years one of the things we've been doing has been to increase our warning levels and fix compile time errors as they can be looked at. Now that the bulk of those are settled we can step it up a notch and benefit from some good SA help.