maria-developers team mailing list archive

Re: Coverity scan results

 

Hi, Christian!

On Feb 07, Christian Convey wrote:
> >
> > Okay, you can create an account for me. But it would be better if
> > you could find which of those defects are real.
> 
> I'm perfectly content to follow the path which you consider to be the
> better one: me checking each individual issue reported.  It will take
> a long time, but at least I'll learn a lot about the code.

Usually there's a pattern, and many false positives fall under it.
Please create an account for me, and I'll see if we could quickly
discard many false positives.

> Some of the bugs that Coverity finds will only come up with very
> unusual paths through the code.  Coverity now provides a very clear
> explanation of how such a path through the code could occur.  When
> this happens, as a C++ programmer I find myself well-convinced that
> there's a bug.  But, especially as a newbie, it could require many
> hours for me to create a test case which actually triggers that bug
> during execution.  In such cases, what would be better: report the bug
> once I'm personally convinced it's real, or to report it only after
> I've created a test case which reliably triggers the bug?

No, I didn't mean that you need to create a test case - only to look at
what Coverity reports. Sometimes it might be very difficult to trigger a
bug, for example, it may happen only if, say, malloc(10) in some
specific place would return NULL.

Regards,
Sergei

