On 09/05/2019 15:41, Borislav Petkov wrote: > On Thu, May 09, 2019 at 03:29:42PM +0100, Colin Ian King wrote: >> These are the Coverity static analysis warning/error message >> classifications. Tagging them should be useful for several reasons: >> >> 1. We can classify the types of issues being fixed >> 2. We can see how many issues are being found/fixed with the use of >> static analysis tools like Coverity > > Who's "We"? Well, I'm assuming folk who are using Coverity and folk who like tracking bug stats. > >> 3. It provides some context on how these bugs were being found. > > I figured as much but I have more questions: > > * you say "tools like Coverity" but the name Coverity is in the tag. > So another tool would want to add its own tag. Which begs the second > question: > > * has it ever been discussed and/or agreed upon all those "tools" tags? > > Because we remove internal tags which have no bearing on the upstream > kernel. When I see that tag, how can I find out what it means? Can I run > coverity myself? Synopsis provide CoverityScan which can be used for free. There are several instances of projects on the scan website that are analyzing the kernel, for example: https://scan.coverity.com/projects/linux https://scan.coverity.com/projects/linux-next-weekly-scan > > Lemme dig another one: > > Addresses-Coverity-ID: 744899 ("Missing break in switch") > > Where do I look up that ID? https://scan.coverity.com/projects/linux > > And so on... > > Bottom line of what I'm trying to say is, those tags better be useful to > the general kernel audience - that means, they should be documented so > that people can look them up - or better not be in commit messages at > all. Yep, I agree, but explaining all the Coverity error types in a kernel doc is going to take some effort, which I really don't have much time for at the moment. > > Thx. > Colin
