The Coverity Static Analysis Scan at https://scan.coverity.com/projects/llvm
has stopped running. The last analysis was Oct 21, 2022. Could someone with admin rights check on this?
Yeah, I will have a look.
I didn’t think that someone was looking at the result.
I found the issue, I will retrigger a build, should be OK tomorrow (Tuesday).
@sylvestre Thanks for looking into it. I work on other projects where a summary of the results is sent to the dev list once a week listing any new issues. Here is an example:
https://lists.freedesktop.org/archives/libreoffice/2023-January/089786.html
We could set something like that up with LLVM’s Discourse. This would give it a lot more visibility. A link should also be added to the llvm.org dev resources list. If it’s not posted anywhere and if we’re not using Coverity’s Weekly Report to notify devs, of course the usage will be low.
@tstellar would you object to a weekly thread on new issues sent to llvmproject@discourse.llvm.org like above?
Fixed
It is now also showing new defects in:
- flang - 362 defects
- bolt - 65 defects
- libc++ - 33 defects
- libc++abi - 6 defects
@sylvestre Thanks so much for fixing this. I see it’s working now.
Tom gave the OK to send weekend snapshot reports to Discourse. Could you please follow the instructions here: Synopsys Software Integrity Customer Community, to email llvmproject@discourse.llvm.org like LibreOffice does? This will make Coverity scans much more useful to the community.
Thanks again for getting it running!
create a new view that shows defects added in the last snapshot only
I don’t know how to do that.
How does LibreOffice do it?
@sylvestre
To set up email notifications:
- Log in to Coverity
- Click on hamburger icon on top left to display the list of available views.
- Hover over the view which you have created.
- You would see a drop down arrow next to the view name. Click on it → select notification.
- Fill in the Schedule, Recipients and Projects tab. On Schedule tab, check on “Send email when a new snapshot is created”. This will send an email when a new snapshot is added. Since the view shows new defects from last snapshot, the content will show only the new defects.
If you have any issues, I could ask their admin for their Coverity settings.
Thanks @sylvestre - there are a few of us that still keep a watch on the Coverity reports!
Having the new issues emailed to the llvm-bugs list would be useful; users can easily request to be subscribed to the Coverity report themselves, but that would mean it at least reaches a larger audience.
OK, thanks. I tried but I am getting
“System email preferences must be configured before sending”
and I don’t know if/how it is available for the free version of Coverity Scan?!
@tonic or @tstellar Can you please create a staged user for scan-admin@coverity.com?
There should be an email from Coverity on 2/2/23. Discourse will block unregistered emails by default. See below for more details.
@tonic @mehdi_amini or @akorobeynikov
Can you please create a staged user for scan-admin@coverity.com? There should be an email from Coverity on 2/2/23 and 2/9/23. Discourse will block unregistered emails by default.
I’m a little concerned about automated posts going to Discourse forums. I have some questions…
For example - How would this impact the search results on the site? If I wanted to search for TableGen, would I have to wade through bunch of coverity reports? Or is it just simply a link that gets posted? (the example seems to indicate no)
Is posting to the LLVM Project category the right place? Should we have another category that is opt-in for notifications?
Is the output of Coverity under any specific license that conflicts with the LLVM License?
Is weekly too frequent?
Does the LLVM community in general want these scan reports?
I forwarded you an example email report for coverity so you can have an idea about it.
I think this should go in a separate dedicated category.
I found them useful, and was fixing LLVM issues back in the days. I liked that the email showed the new defects from the last week, so I would also git blame the files and go report issues on the revisions that introduced the bug. Since it was recent it was often actionable by the author who just landed it.
At some point I also got MLIR to be almost down to zero (then I got busy with other things…).
Thanks for forwarding!
I did a little research too and it turns out that Discourse can set search priorities on categories. So I think if we put this in its own category, we can lower the search results on the category, which would solve my concern about search results.
@tonic since @mehdi_amini and @tstellar agree it’s a good idea, is there any holdup now to adding Coverity as a staged user? I’ve observed the reports on LibreOffice’s dev list since 2012. Overall, it’s my impression that the community sees it as a huge win. If the community here objects, it’s easy enough for Sylvestre or for you to turn it off or block. So can we please proceed?
Another report was sent out today by scan-admin@coverity.com,
subject: “New Defects reported by Coverity Scan for llvm”
Do you need help configuring this email as a staged user?