On Wednesday, January 16, 2013 15:53:56 David Malcolm wrote:
> This is a followup to my proposal in
> http://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html
> 
> I want a common output format for static analysis tools so that we can
> easily slurp the results from different tools into a database and have a
> common system for managing the results (marking false positives, having
> automated de-duplication, etc).
> 
> (I like the name "firehose" for the overall system since it describes
> the issue we'll have of managing the flood of data).
> 
> I came up with an XML format, which I've uploaded code to here:
> https://github.com/fedora-static-analysis/firehose
> 
> Does this look sane?  I think that it should be possible to write
> converters that turn the output from other tools into this, and I think
> it's possible to hack up my static analyzers to emit this format.
> 
> The firehose.py script is able to turn such an XML report into a text
> format mimicking what GCC emits, which is useful in Emacs (and probably
> other editors) which can parse that text format for clicking through to
> the underlying source code being tested.
> 
> Thoughts?

We usually need to maintain more metadata about the scan itself together
with the results: arguments given to the analyzer, date/time the scan 
started/finished, total count of lines processed, hostname, mock config,
etc.

Also if the results are obtained by subtracting the results of an old version
of the package (to report only newly introduced defects), it is good to keep 
metadata of both the scans.  Then you can check that both of them ran with
the same configuration, or prevent reporting newly added defects if the old
build partially failed.

Kamil
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
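
The check described in the reply above, as an added example (not code from firehose or from either poster): a differential report that is only emitted when both scans carry comparable metadata and the old scan completed. The `Defect` and `Scan` record layouts, their field names, and the sample values are assumptions made for illustration, not firehose's schema.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Defect:
    checker: str
    path: str
    function: str
    message: str

    def key(self):
        # Line numbers are deliberately not part of the key: they shift
        # between package versions and would make old defects look new.
        return (self.checker, self.path, self.function, self.message)


@dataclass
class Scan:
    # Hypothetical per-scan metadata kept alongside the results.
    analyzer_args: tuple
    mock_config: str
    complete: bool  # False if the build or scan partially failed
    defects: list = field(default_factory=list)


def new_defects(old, new):
    """Return (defects, reasons); defects is None when the diff is untrustworthy."""
    reasons = []
    if not old.complete:
        # Defects missing from a partial old scan would all show up as "new".
        reasons.append("old scan incomplete")
    if old.analyzer_args != new.analyzer_args:
        reasons.append("analyzer arguments differ")
    if old.mock_config != new.mock_config:
        reasons.append("mock config differs")
    if reasons:
        return None, reasons
    seen = {d.key() for d in old.defects}
    return [d for d in new.defects if d.key() not in seen], []


# Constructed sample data.
LEAK = Defect("resource-leak", "src/io.c", "read_file", "fd not closed")
NULL = Defect("null-deref", "src/parse.c", "parse_hdr", "hdr may be NULL")
ARGS = ("--level", "2")
OLD_OK = Scan(ARGS, "fedora-18-x86_64", True, [LEAK])
OLD_PARTIAL = Scan(ARGS, "fedora-18-x86_64", False, [])
OLD_OTHER_CFG = Scan(ARGS, "fedora-17-x86_64", True, [LEAK])
NEW = Scan(ARGS, "fedora-18-x86_64", True, [LEAK, NULL])
```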
