Issue #15202 has been updated by jaruga (Jun Aruga).


Yusuke and Robert, thank you for sharing current status and thoughts.

> I had run the Coverity Scan analysis on CI (twice a week), and I had checked the result only when I felt like it. But recently I forgot it completely. By this ticket, I have just noticed that the analysis has not worked since Feb. 2018 :-)

Alright :-) Is the CI on Travis CI or a CI on rubyci.org?


> I think the ruby core team always likes to remove bugs from ruby, if these reports
constitute real bugs that is. At the github page of mruby one can see that some sort of
systematically try to find ways to break ruby, if you look at some of the issues there. :P

I found the issues on the mruby project. They are doing something :)

https://github.com/mruby/mruby/commit/8da787b
https://github.com/mruby/mruby/commit/a4f63ca
https://github.com/mruby/mruby/commit/b071dcd

> But I think developer manpower is still limited, in numbers alone.
Perhaps not only in numbers but in knowledge too. I am sure there are many people who
know ruby quite well, but significantly fewer who know both ruby and C very well.

One of the benefits of being able to access the result of Coverity Scan casually is that it can be a good opportunity for people like me, who do not know C very well, to make friends with C in the Ruby project.
Fixing some issues is easier than implementing new features, though they might not be really important issues.

That might increase the number of future potential developers with C in the Ruby project.
Recently I fixed a GCC warning issue for Ruby; it was a good opportunity for me.

> What may be useful, perhaps, is if there could be some way to not only find "real"
bugs, but those that seem to be more "promising" and worthwhile to fix. Like to
somehow semi-automatically "promote" the more outstanding bugs from Coverity Scan
or any other method that may have a real, larger impact.

I think that it might be possible to pick up only "real" bugs from the result of Coverity Scan semi-automatically.

> Developer time is limited and I think different members of the ruby core team said
it before, that often priority will be given to "real" problems, as opposed to
theoretical problems or ... not sure about the word ... very unlikely bugs?

I can understand the meaning.


----------------------------------------
Misc #15202: Adding Coverity Scan to CI to see the result casually
https://bugs.ruby-lang.org/issues/15202#change-74317

* Author: jaruga (Jun Aruga)
* Status: Open
* Priority: Normal
* Assignee: 
----------------------------------------
Recently I reported issues detected by code analysis tools, mainly using Coverity Scan.

The 9 issues categorized as "important" were fixed by #15116. (Thank you!)

> https://bugs.ruby-lang.org/issues/15116
>
> However, as "not important" issues, around 1000 issues were detected by the tool for ruby 2.5.1.
> I am considering how to deal with this or report those.
> I might open another ticket for that.

However there are around 1000 "not important" issues.

Right now I do not share the report file (840KByte) for that, because it makes people tired.
If someone wants to see it, I am happy to share it here as an attachment.

Instead of that, it looks good to me that someone could see the result of Coverity Scan casually anytime to fix those in the long term.

What I want to propose is to add a Coverity Scan test on rubyci or Travis CI.

I do not know how Coverity Scan is used in the current Ruby project as a regular workflow.
But I could see it is actually used from the setting [2] and some tickets [3].

I found how to use Coverity Scan on Travis CI [4], and the use cases [5][6].

What do you think?


* [1] rubyci: https://www.rubyci.org/
* [2] coverity scan ruby project: https://scan.coverity.com/projects/ruby
* [3] coverity scan used tickets:
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/61862
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/55763
  * https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/50734
* [4] How to use Coverity Scan on Travis CI: https://scan.coverity.com/travis_ci
* [5] The cases for coverity scan on Travis CI:
  * https://github.com/nanoporetech/scrappie/blob/master/.travis.yml
  * https://github.com/JanusGraph/janusgraph/blob/master/.travis.yml




-- 
https://bugs.ruby-lang.org/