Re: [Gluster-devel] Coverity scan - how does it ignore dismissed defects & annotations?
On Fri, 3 May 2019 at 16:07, Amar Tumballi Suryanarayan wrote: > > > On Fri, May 3, 2019 at 3:17 PM Atin Mukherjee wrote: > >> >> >> On Fri, 3 May 2019 at 14:59, Xavi Hernandez wrote: >> >>> Hi Atin, >>> >>> On Fri, May 3, 2019 at 10:57 AM Atin Mukherjee >>> wrote: >>> I'm bit puzzled on the way coverity is reporting the open defects on GD1 component. As you can see from [1], technically we have 6 open defects and all of the rest are being marked as dismissed. We tried to put some additional annotations in the code through [2] to see if coverity starts feeling happy but the result doesn't change. I still see in the report it complaints about open defect of GD1 as 25 (7 as High, 18 as medium and 1 as Low). More interestingly yesterday's report claimed we fixed 8 defects, introduced 1, but the overall count remained as 102. I'm not able to connect the dots of this puzzle, can anyone? >>> >>> Maybe we need to modify all dismissed CID's so that Coverity considers >>> them again and, hopefully, mark them as solved with the newer updates. They >>> have been manually marked to be ignored, so they are still there... >>> >> >> After yesterday’s run I set the severity for all of them to see if >> modifications to these CIDs make any difference or not. So fingers crossed >> till the next report comes :-) . >> > > If you noticed the previous day report, it was 101 'Open defects' and 65 > 'Dismissed' (which means, they are not 'fixed in code', but dismissed as > false positive or ignore in CID dashboard. > > Now, it is 57 'Dismissed', which means, your patch has actually fixed 8 > defects. > > >> >> >>> Just a thought, I'm not sure how this really works. >>> >> >> Same here, I don’t understand the exact workflow and hence seeking >> additional ideas. >> >> > Looks like we should consider overall open defects as Open + Dismissed. > This is why I’m concerned. There’re defects which we clearly can’t or don’t want to fix and in that case even though they are marked as dismissed the overall open defect count doesn’t come down. So we’d never be able to come down below total number of dismissed defects :-( . However today’s report bring the overall count down to 97 from 102. Coverity claimed we fixed 0 defects since last scan which means somehow my update at those GD1 dismissed defects did a trick for 5 defects. This continues to be a great puzzle for me! > >> >>> Xavi >>> >>> [1] https://scan.coverity.com/projects/gluster-glusterfs/view_defects [2] https://review.gluster.org/#/c/22619/ ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel >>> >>> -- >> - Atin (atinm) >> ___ >> Gluster-devel mailing list >> Gluster-devel@gluster.org >> https://lists.gluster.org/mailman/listinfo/gluster-devel > > > > -- > Amar Tumballi (amarts) > -- - Atin (atinm) ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] Coverity scan - how does it ignore dismissed defects & annotations?
On Fri, May 3, 2019 at 3:17 PM Atin Mukherjee wrote: > > > On Fri, 3 May 2019 at 14:59, Xavi Hernandez wrote: > >> Hi Atin, >> >> On Fri, May 3, 2019 at 10:57 AM Atin Mukherjee >> wrote: >> >>> I'm bit puzzled on the way coverity is reporting the open defects on GD1 >>> component. As you can see from [1], technically we have 6 open defects and >>> all of the rest are being marked as dismissed. We tried to put some >>> additional annotations in the code through [2] to see if coverity starts >>> feeling happy but the result doesn't change. I still see in the report it >>> complaints about open defect of GD1 as 25 (7 as High, 18 as medium and 1 as >>> Low). More interestingly yesterday's report claimed we fixed 8 defects, >>> introduced 1, but the overall count remained as 102. I'm not able to >>> connect the dots of this puzzle, can anyone? >>> >> >> Maybe we need to modify all dismissed CID's so that Coverity considers >> them again and, hopefully, mark them as solved with the newer updates. They >> have been manually marked to be ignored, so they are still there... >> > > After yesterday’s run I set the severity for all of them to see if > modifications to these CIDs make any difference or not. So fingers crossed > till the next report comes :-) . > If you noticed the previous day report, it was 101 'Open defects' and 65 'Dismissed' (which means, they are not 'fixed in code', but dismissed as false positive or ignore in CID dashboard. Now, it is 57 'Dismissed', which means, your patch has actually fixed 8 defects. > > >> Just a thought, I'm not sure how this really works. >> > > Same here, I don’t understand the exact workflow and hence seeking > additional ideas. > > Looks like we should consider overall open defects as Open + Dismissed. > >> Xavi >> >> >>> >>> [1] https://scan.coverity.com/projects/gluster-glusterfs/view_defects >>> [2] https://review.gluster.org/#/c/22619/ >>> ___ >>> Gluster-devel mailing list >>> Gluster-devel@gluster.org >>> https://lists.gluster.org/mailman/listinfo/gluster-devel >> >> -- > - Atin (atinm) > ___ > Gluster-devel mailing list > Gluster-devel@gluster.org > https://lists.gluster.org/mailman/listinfo/gluster-devel -- Amar Tumballi (amarts) ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] Coverity scan - how does it ignore dismissed defects & annotations?
On Fri, 3 May 2019 at 14:59, Xavi Hernandez wrote: > Hi Atin, > > On Fri, May 3, 2019 at 10:57 AM Atin Mukherjee > wrote: > >> I'm bit puzzled on the way coverity is reporting the open defects on GD1 >> component. As you can see from [1], technically we have 6 open defects and >> all of the rest are being marked as dismissed. We tried to put some >> additional annotations in the code through [2] to see if coverity starts >> feeling happy but the result doesn't change. I still see in the report it >> complaints about open defect of GD1 as 25 (7 as High, 18 as medium and 1 as >> Low). More interestingly yesterday's report claimed we fixed 8 defects, >> introduced 1, but the overall count remained as 102. I'm not able to >> connect the dots of this puzzle, can anyone? >> > > Maybe we need to modify all dismissed CID's so that Coverity considers > them again and, hopefully, mark them as solved with the newer updates. They > have been manually marked to be ignored, so they are still there... > After yesterday’s run I set the severity for all of them to see if modifications to these CIDs make any difference or not. So fingers crossed till the next report comes :-) . > Just a thought, I'm not sure how this really works. > Same here, I don’t understand the exact workflow and hence seeking additional ideas. > Xavi > > >> >> [1] https://scan.coverity.com/projects/gluster-glusterfs/view_defects >> [2] https://review.gluster.org/#/c/22619/ >> ___ >> Gluster-devel mailing list >> Gluster-devel@gluster.org >> https://lists.gluster.org/mailman/listinfo/gluster-devel > > -- - Atin (atinm) ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel
Re: [Gluster-devel] Coverity scan - how does it ignore dismissed defects & annotations?
Hi Atin, On Fri, May 3, 2019 at 10:57 AM Atin Mukherjee wrote: > I'm bit puzzled on the way coverity is reporting the open defects on GD1 > component. As you can see from [1], technically we have 6 open defects and > all of the rest are being marked as dismissed. We tried to put some > additional annotations in the code through [2] to see if coverity starts > feeling happy but the result doesn't change. I still see in the report it > complaints about open defect of GD1 as 25 (7 as High, 18 as medium and 1 as > Low). More interestingly yesterday's report claimed we fixed 8 defects, > introduced 1, but the overall count remained as 102. I'm not able to > connect the dots of this puzzle, can anyone? > Maybe we need to modify all dismissed CID's so that Coverity considers them again and, hopefully, mark them as solved with the newer updates. They have been manually marked to be ignored, so they are still there... Just a thought, I'm not sure how this really works. Xavi > > [1] https://scan.coverity.com/projects/gluster-glusterfs/view_defects > [2] https://review.gluster.org/#/c/22619/ > ___ > Gluster-devel mailing list > Gluster-devel@gluster.org > https://lists.gluster.org/mailman/listinfo/gluster-devel ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel
[Gluster-devel] Coverity scan - how does it ignore dismissed defects & annotations?
I'm bit puzzled on the way coverity is reporting the open defects on GD1 component. As you can see from [1], technically we have 6 open defects and all of the rest are being marked as dismissed. We tried to put some additional annotations in the code through [2] to see if coverity starts feeling happy but the result doesn't change. I still see in the report it complaints about open defect of GD1 as 25 (7 as High, 18 as medium and 1 as Low). More interestingly yesterday's report claimed we fixed 8 defects, introduced 1, but the overall count remained as 102. I'm not able to connect the dots of this puzzle, can anyone? [1] https://scan.coverity.com/projects/gluster-glusterfs/view_defects [2] https://review.gluster.org/#/c/22619/ ___ Gluster-devel mailing list Gluster-devel@gluster.org https://lists.gluster.org/mailman/listinfo/gluster-devel
