Web lists-archives.com

Re: [PATCH 00/12] Clean up notes-related code around `load_subtree()`




> On 10 Sep 2017, at 09:39, Jeff King <peff@xxxxxxxx> wrote:
> 
> On Sun, Sep 10, 2017 at 06:45:08AM +0200, Michael Haggerty wrote:
> 
>>> So nothing to see here, but since I spent 20 minutes scratching my head
>>> (and I know others look at Coverity output and may scratch their heads
>>> too), I thought it was worth writing up. And also if I'm wrong, it would
>>> be good to know. ;)
>> 
>> Thanks for looking into this. I agree with your analysis.
>> 
>> I wonder whether it is the factor of two between path lengths and byte
>> lengths that is confusing Coverity. Perhaps the patch below would help.
>> It requires an extra, superfluous, check, but perhaps makes the code a
>> tad more readable. I'm neutral on whether we would want to make the change.
> 
> Yeah, I do agree that it makes the code's assumptions a bit easier to
> follow.
> 
>> Is there a way to ask Coverity whether a hypothetical change would
>> remove the warning, short of merging the change to master?
> 
> You can download and run the build portion of the coverity tools
> yourself. IIRC, that pushes the build up to their servers which then do
> the analysis (you can make your own "project", or use the existing "git"
> project -- I checked and you are already listed as an admin). I recall
> it being a minor pain to get it set up, but not too bad.
> 
> Stefan runs it against "pu" on a regular basis, which is where the
> emailed results come from. So just having Junio merge it to "pu" would
> be enough to get results.
> 
> I noticed that they now have some GitHub/Travis integration:
> 
>  https://scan.coverity.com/github
> 
> I'm not sure if that is new, or if we just didn't notice it before. ;)
> But that probably makes more sense to use than ad-hoc uploading (and
> maybe it would make it easy for you to test personal branches, too).

Coverity scans Git already:
https://scan.coverity.com/projects/70

I requested access to this Coverity project to integrate into our TravisCI
build.

- Lars