* [COVERITY ACCESS] for Embedded/Automotive team @ 2016-11-18 13:36 Artem Mygaiev 2016-11-18 13:56 ` Andrew Cooper 0 siblings, 1 reply; 24+ messages in thread From: Artem Mygaiev @ 2016-11-18 13:36 UTC (permalink / raw) To: xen-devel -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello I would like to request access to Coverity Scan project. Hereby, I: - agree to follow the security response process. - undertake to report security issues discovered to the security team (security@xenproject.org) within 3 days of discovery. - agree to disclose the issue only to the security team and not to any other third party - waive their (security team) right to select the disclosure time line. Discoveries will follow the default time lines given in the policy. We work with Xen on ARM since 2012. Our primary goal is to introduce Xen for embedded and in particular in automotive SW domains. Our current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV drivers development (audio, video, input, etc.), co-processors support and trusted environment support through OP-TEE integration. All of our work is public and published in OSS mailing lists. We would like to contribute in stability of Xen overall and Xen on ARM in particular since this is absolutely critical for most of embedded applications. Best regards, Artem Mygaiev -----BEGIN PGP SIGNATURE----- Version: Mailvelope v1.5.2 Comment: https://www.mailvelope.com wsFcBAEBCAAQBQJYLwPFCRBNzzYYJgaZIAAAk9oP/0A3r08qWawNKfjQO/AQ GE3MH13ZdzCI853XQlThVMZ6nBto1wmRXBzcySwjg6fb/J0E5e69ZB46c+LE DeXeFRT5uHAUO0Jl8dDUD+N2pZrX4V98IbES3BZlEeVfS2oy3nFys1Q764vv vK1Dhh26vW/ryk++ysyzc5ngo7yP2FqL5b6qhJ3LgmlFBE68yxpE9+LVijVP E5VzSJWcQicJdJ0dtHga8vP3+TMCMEnlUXERZTdMPKeHjLhmX8azfK9TRAaU KHXtlUuF5M0nfX1NynKJ4Z8aTMaHtF/fjyWfw9LeuhvEHu1oM/L5uOfnLA1O SmXkGJqvLM6PZ2sgowyhFOXgMpewMdZovAZE6KqUPndsBwEX/rT49kFR29j+ Wo6thMDSg3IFWjHPdnizmHBZ5bJ5K7YTJJiW6RSoL1ngtCT69LXA0KaBuGjX qSld1p2bOLKQVG/uhUT3/x0Hxd/lrJi+hPO7OwP47CqAHLGwqJaxWDUmPCIj EImyxcsUJ0dHbqwHK1LZhnK+N0TF+DlrEGWwNRXQMwtALpL+97HRyIiPQwsD lHwkcwAz0mtqmIPFhoe1xaYdBmr5ZXO2dhIPratASS1NqQFpVpMBG1XxzGSF 7aAZwtKqXaBxv6KWl65BmsUweL35zZW4BOR/aaEVlYi5/eOjy8L58uERPCJL F83h =6eKi -----END PGP SIGNATURE----- _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-18 13:36 [COVERITY ACCESS] for Embedded/Automotive team Artem Mygaiev @ 2016-11-18 13:56 ` Andrew Cooper 2016-11-18 15:28 ` Konrad Rzeszutek Wilk 0 siblings, 1 reply; 24+ messages in thread From: Andrew Cooper @ 2016-11-18 13:56 UTC (permalink / raw) To: Artem Mygaiev, xen-devel On 18/11/16 13:36, Artem Mygaiev wrote: > Hello > > I would like to request access to Coverity Scan project. Hereby, I: > - agree to follow the security response process. > - undertake to report security issues discovered to the security team > (security@xenproject.org) within 3 days of discovery. > - agree to disclose the issue only to the security team and not to > any other third party > - waive their (security team) right to select the disclosure time > line. Discoveries will follow the default time lines given in the > policy. > > We work with Xen on ARM since 2012. Our primary goal is to introduce > Xen for embedded and in particular in automotive SW domains. Our > current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV > drivers development (audio, video, input, etc.), co-processors support > and trusted environment support through OP-TEE integration. All of our > work is public and published in OSS mailing lists. We would like to > contribute in stability of Xen overall and Xen on ARM in particular > since this is absolutely critical for most of embedded applications. I don't have an objection in principle. However, I doubt you will find access useful. Because of the restriction of only being permitted a single Coverity stream, it is only the x86 build which is submitted for analysis. To submit builds for separate architectures, we need alternative streams. I already requested this but the request was denied. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-18 13:56 ` Andrew Cooper @ 2016-11-18 15:28 ` Konrad Rzeszutek Wilk 2016-11-18 20:55 ` Julien Grall 0 siblings, 1 reply; 24+ messages in thread From: Konrad Rzeszutek Wilk @ 2016-11-18 15:28 UTC (permalink / raw) To: Andrew Cooper; +Cc: xen-devel, Artem Mygaiev On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote: > On 18/11/16 13:36, Artem Mygaiev wrote: > > Hello > > > > I would like to request access to Coverity Scan project. Hereby, I: > > - agree to follow the security response process. > > - undertake to report security issues discovered to the security team > > (security@xenproject.org) within 3 days of discovery. > > - agree to disclose the issue only to the security team and not to > > any other third party > > - waive their (security team) right to select the disclosure time > > line. Discoveries will follow the default time lines given in the > > policy. > > > > We work with Xen on ARM since 2012. Our primary goal is to introduce > > Xen for embedded and in particular in automotive SW domains. Our > > current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV > > drivers development (audio, video, input, etc.), co-processors support > > and trusted environment support through OP-TEE integration. All of our > > work is public and published in OSS mailing lists. We would like to > > contribute in stability of Xen overall and Xen on ARM in particular > > since this is absolutely critical for most of embedded applications. > > I don't have an objection in principle. However, I doubt you will find > access useful. > > Because of the restriction of only being permitted a single Coverity > stream, it is only the x86 build which is submitted for analysis. To > submit builds for separate architectures, we need alternative streams. > I already requested this but the request was denied. Perhaps Artem doing it - along with linking to this thread could sway their minds? (Hi Coverity folks!) +1 on the request. > > ~Andrew > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > https://lists.xen.org/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-18 15:28 ` Konrad Rzeszutek Wilk @ 2016-11-18 20:55 ` Julien Grall 2016-11-19 16:53 ` Lars Kurth 2016-11-22 9:00 ` Artem Mygaiev 0 siblings, 2 replies; 24+ messages in thread From: Julien Grall @ 2016-11-18 20:55 UTC (permalink / raw) To: Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel, Stefano Stabellini, Lars Kurth Hello, On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote: > On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote: >> On 18/11/16 13:36, Artem Mygaiev wrote: >>> Hello >>> >>> I would like to request access to Coverity Scan project. Hereby, I: >>> - agree to follow the security response process. >>> - undertake to report security issues discovered to the security team >>> (security@xenproject.org) within 3 days of discovery. >>> - agree to disclose the issue only to the security team and not to >>> any other third party >>> - waive their (security team) right to select the disclosure time >>> line. Discoveries will follow the default time lines given in the >>> policy. >>> >>> We work with Xen on ARM since 2012. Our primary goal is to introduce >>> Xen for embedded and in particular in automotive SW domains. Our >>> current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV >>> drivers development (audio, video, input, etc.), co-processors support >>> and trusted environment support through OP-TEE integration. All of our >>> work is public and published in OSS mailing lists. We would like to >>> contribute in stability of Xen overall and Xen on ARM in particular >>> since this is absolutely critical for most of embedded applications. >> >> I don't have an objection in principle. However, I doubt you will find >> access useful. >> >> Because of the restriction of only being permitted a single Coverity >> stream, it is only the x86 build which is submitted for analysis. To >> submit builds for separate architectures, we need alternative streams. >> I already requested this but the request was denied. > > Perhaps Artem doing it - along with linking to this thread could > sway their minds? (Hi Coverity folks!) Coverity has been proven useful on x86 to catch some bugs. A such things would be nice for ARM too. Is there anything we can do to get coverity testing ARM? (CC Lars). > > +1 on the request. In the current state and regardless whether coverity supports ARM, I would lean towards -1 on the request. I would prefer to give coverity access to developer that have established contribution on Xen ARM upstream. Artem, in the mail subject you mentioned "Embedded/Automotive team". Does it mean you are requesting coverity access for all the team? Regards, [1] https://www.xenproject.org/developers/teams/embedded-and-automotive.html -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-18 20:55 ` Julien Grall @ 2016-11-19 16:53 ` Lars Kurth 2016-11-22 11:51 ` Julien Grall 2016-11-22 9:00 ` Artem Mygaiev 1 sibling, 1 reply; 24+ messages in thread From: Lars Kurth @ 2016-11-19 16:53 UTC (permalink / raw) To: Julien Grall, Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >Hello, > >On 18/11/2016 09:28, Konrad Rzeszutek Wilk wrote: >> On Fri, Nov 18, 2016 at 01:56:38PM +0000, Andrew Cooper wrote: >>> On 18/11/16 13:36, Artem Mygaiev wrote: >>>> Hello >>>> >>>> I would like to request access to Coverity Scan project. Hereby, I: >>>> - agree to follow the security response process. >>>> - undertake to report security issues discovered to the security team >>>> (security@xenproject.org) within 3 days of discovery. >>>> - agree to disclose the issue only to the security team and not to >>>> any other third party >>>> - waive their (security team) right to select the disclosure time >>>> line. Discoveries will follow the default time lines given in the >>>> policy. >>>> >>>> We work with Xen on ARM since 2012. Our primary goal is to introduce >>>> Xen for embedded and in particular in automotive SW domains. Our >>>> current activities are: ARM-based SoCs support (Renesas, TI, etc.), PV >>>> drivers development (audio, video, input, etc.), co-processors support >>>> and trusted environment support through OP-TEE integration. All of our >>>> work is public and published in OSS mailing lists. We would like to >>>> contribute in stability of Xen overall and Xen on ARM in particular >>>> since this is absolutely critical for most of embedded applications. >>> >>> I don't have an objection in principle. However, I doubt you will find >>> access useful. >>> >>> Because of the restriction of only being permitted a single Coverity >>> stream, it is only the x86 build which is submitted for analysis. To >>> submit builds for separate architectures, we need alternative streams. >>> I already requested this but the request was denied. >> >> Perhaps Artem doing it - along with linking to this thread could >> sway their minds? (Hi Coverity folks!) > >Coverity has been proven useful on x86 to catch some bugs. A such things >would be nice for ARM too. Is there anything we can do to get coverity >testing ARM? (CC Lars). Coverity does static code analysis. It analyses our entire tree, although I don't know whether we updated it to point it to new repos such as the mini-os one. >> +1 on the request. > >In the current state and regardless whether coverity supports ARM, I >would lean towards -1 on the request. > >I would prefer to give coverity access to developer that have >established contribution on Xen ARM upstream. > >Artem, in the mail subject you mentioned "Embedded/Automotive team". >Does it mean you are requesting coverity access for all the team? > >Regards, > >[1] >https://www.xenproject.org/developers/teams/embedded-and-automotive.html > >-- >Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-19 16:53 ` Lars Kurth @ 2016-11-22 11:51 ` Julien Grall 2016-11-22 11:55 ` Lars Kurth 0 siblings, 1 reply; 24+ messages in thread From: Julien Grall @ 2016-11-22 11:51 UTC (permalink / raw) To: Lars Kurth, Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Hi Lars, On 19/11/16 16:53, Lars Kurth wrote: > On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >> >> Coverity has been proven useful on x86 to catch some bugs. A such things >> would be nice for ARM too. Is there anything we can do to get coverity >> testing ARM? (CC Lars). > > Coverity does static code analysis. It analyses our entire tree, although > I don't know whether we updated it to point it to new repos such as the > mini-os one. I thought coverity was hooking into the build system by replacing the compiler, right? If so, how does coverity analyze xen/arch/arm? Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-22 11:51 ` Julien Grall @ 2016-11-22 11:55 ` Lars Kurth 2016-11-22 13:06 ` Artem Mygaiev 2016-11-22 13:42 ` Andrew Cooper 0 siblings, 2 replies; 24+ messages in thread From: Lars Kurth @ 2016-11-22 11:55 UTC (permalink / raw) To: Julien Grall, Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 22/11/2016 11:51, "Julien Grall" <julien.grall@arm.com> wrote: >Hi Lars, > >On 19/11/16 16:53, Lars Kurth wrote: >> On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >>> >>> Coverity has been proven useful on x86 to catch some bugs. A such >>>things >>> would be nice for ARM too. Is there anything we can do to get coverity >>> testing ARM? (CC Lars). >> >> Coverity does static code analysis. It analyses our entire tree, >>although >> I don't know whether we updated it to point it to new repos such as the >> mini-os one. > >I thought coverity was hooking into the build system by replacing the >compiler, right? > >If so, how does coverity analyze xen/arch/arm? I guess that is a question for someone else who is more familiar with the set-up. But there shouldn't be any technical reason which prevents Coverity scan from running on any CPU specific code. Lars _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-22 11:55 ` Lars Kurth @ 2016-11-22 13:06 ` Artem Mygaiev 2016-11-22 13:42 ` Andrew Cooper 1 sibling, 0 replies; 24+ messages in thread From: Artem Mygaiev @ 2016-11-22 13:06 UTC (permalink / raw) To: Lars Kurth, Julien Grall, Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Coverity Scan does static analysis only, but hooks into the build system in order to track compilation process and build map of source code to analyze. In addition to connecting the build process, user of Scan needs to provide a) filters to specify particular components for analysis and b) model that implements "library" functions like synchronization, memory allocation, etc. [1] http://www.coverity.com/products/coverity-save/ On 22.11.16 13:55, Lars Kurth wrote: > On 22/11/2016 11:51, "Julien Grall" <julien.grall@arm.com> wrote: > >> Hi Lars, >> >> On 19/11/16 16:53, Lars Kurth wrote: >>> On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >>>> Coverity has been proven useful on x86 to catch some bugs. A such >>>> things >>>> would be nice for ARM too. Is there anything we can do to get coverity >>>> testing ARM? (CC Lars). >>> Coverity does static code analysis. It analyses our entire tree, >>> although >>> I don't know whether we updated it to point it to new repos such as the >>> mini-os one. >> I thought coverity was hooking into the build system by replacing the >> compiler, right? >> >> If so, how does coverity analyze xen/arch/arm? > I guess that is a question for someone else who is more familiar with the > set-up. But there shouldn't be any technical reason which prevents > Coverity scan from running on any CPU specific code. > > Lars > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > https://lists.xen.org/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-22 11:55 ` Lars Kurth 2016-11-22 13:06 ` Artem Mygaiev @ 2016-11-22 13:42 ` Andrew Cooper 2016-11-22 13:54 ` Artem Mygaiev 1 sibling, 1 reply; 24+ messages in thread From: Andrew Cooper @ 2016-11-22 13:42 UTC (permalink / raw) To: Lars Kurth, Julien Grall, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 22/11/16 11:55, Lars Kurth wrote: > > On 22/11/2016 11:51, "Julien Grall" <julien.grall@arm.com> wrote: > >> Hi Lars, >> >> On 19/11/16 16:53, Lars Kurth wrote: >>> On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >>>> Coverity has been proven useful on x86 to catch some bugs. A such >>>> things >>>> would be nice for ARM too. Is there anything we can do to get coverity >>>> testing ARM? (CC Lars). >>> Coverity does static code analysis. It analyses our entire tree, >>> although >>> I don't know whether we updated it to point it to new repos such as the >>> mini-os one. >> I thought coverity was hooking into the build system by replacing the >> compiler, right? >> >> If so, how does coverity analyze xen/arch/arm? > I guess that is a question for someone else who is more familiar with the > set-up. But there shouldn't be any technical reason which prevents > Coverity scan from running on any CPU specific code. There is no technical problem with using Coverity for ARM. Coverity, as a product, is capable of doing this. The problem is that Coverity Scan only offers us one stream for the Xen Project, and we cannot mix architectures within a single stream. (Not that we physically can't, but that the change tracking of defects would be meaningless). The only way we could scan for ARM is if we could be given multiple different streams (one per arch) to use, and Coverity have already said no to this request. This is a politics problem, not a technical problem. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-22 13:42 ` Andrew Cooper @ 2016-11-22 13:54 ` Artem Mygaiev 2016-11-28 10:27 ` Lars Kurth 0 siblings, 1 reply; 24+ messages in thread From: Artem Mygaiev @ 2016-11-22 13:54 UTC (permalink / raw) To: Andrew Cooper, Lars Kurth, Julien Grall, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 22.11.16 15:42, Andrew Cooper wrote: > On 22/11/16 11:55, Lars Kurth wrote: >> On 22/11/2016 11:51, "Julien Grall" <julien.grall@arm.com> wrote: >> >>> Hi Lars, >>> >>> On 19/11/16 16:53, Lars Kurth wrote: >>>> On 18/11/2016 20:55, "Julien Grall" <julien.grall@arm.com> wrote: >>>>> Coverity has been proven useful on x86 to catch some bugs. A such >>>>> things >>>>> would be nice for ARM too. Is there anything we can do to get coverity >>>>> testing ARM? (CC Lars). >>>> Coverity does static code analysis. It analyses our entire tree, >>>> although >>>> I don't know whether we updated it to point it to new repos such as the >>>> mini-os one. >>> I thought coverity was hooking into the build system by replacing the >>> compiler, right? >>> >>> If so, how does coverity analyze xen/arch/arm? >> I guess that is a question for someone else who is more familiar with the >> set-up. But there shouldn't be any technical reason which prevents >> Coverity scan from running on any CPU specific code. > There is no technical problem with using Coverity for ARM. Coverity, as > a product, is capable of doing this. > > The problem is that Coverity Scan only offers us one stream for the Xen > Project, and we cannot mix architectures within a single stream. (Not > that we physically can't, but that the change tracking of defects would > be meaningless). > > The only way we could scan for ARM is if we could be given multiple > different streams (one per arch) to use, and Coverity have already said > no to this request. This is a politics problem, not a technical problem. Andrew, I understand, thanks. Would it be still possible to get Scan model files for us? We would like to update them for use with ARM. BTW, we could set up ARM build Coverity Scan with GitHub/Travis only limited by amount of runs per week (depending on number LOC number). BR, Artem _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-22 13:54 ` Artem Mygaiev @ 2016-11-28 10:27 ` Lars Kurth 2016-11-28 11:01 ` Artem Mygaiev 0 siblings, 1 reply; 24+ messages in thread From: Lars Kurth @ 2016-11-28 10:27 UTC (permalink / raw) To: Artem Mygaiev, Andrew Cooper, Julien Grall, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 22/11/2016 13:54, "Artem Mygaiev" <artem_mygaiev@epam.com> wrote: >On 22.11.16 15:42, Andrew Cooper wrote: >> >> >> The only way we could scan for ARM is if we could be given multiple >> different streams (one per arch) to use, and Coverity have already said >> no to this request. This is a politics problem, not a technical >>problem. > >Andrew, I understand, thanks. Andrew, thanks for the clarification. >Would it be still possible to get Scan model files for us? We would like >to update them for use with ARM. BTW, we could set up ARM build Coverity >Scan with GitHub/Travis only limited by amount of runs per week >(depending on number LOC number). Artem, just to clarify. I am assuming you have a license for Coverity that would allow you to run it on a different configuration: Correct? And there are some constraints on how frequently this could be run? And you would be willing to run this on behalf of the project for an ARM configuration? Regards Lars _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-28 10:27 ` Lars Kurth @ 2016-11-28 11:01 ` Artem Mygaiev 2016-11-29 14:21 ` Artem Mygaiev 0 siblings, 1 reply; 24+ messages in thread From: Artem Mygaiev @ 2016-11-28 11:01 UTC (permalink / raw) To: Lars Kurth, Andrew Cooper, Julien Grall, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini [-- Attachment #1.1: Type: text/plain, Size: 2273 bytes --] On 28.11.16 12:27, Lars Kurth wrote: > On 22/11/2016 13:54, "Artem Mygaiev" <artem_mygaiev@epam.com> wrote: >> On 22.11.16 15:42, Andrew Cooper wrote: >>> The only way we could scan for ARM is if we could be given multiple >>> different streams (one per arch) to use, and Coverity have already said >>> no to this request. This is a politics problem, not a technical >>> problem. >> Andrew, I understand, thanks. > Andrew, thanks for the clarification. >> Would it be still possible to get Scan model files for us? We would like >> to update them for use with ARM. BTW, we could set up ARM build Coverity >> Scan with GitHub/Travis only limited by amount of runs per week >> (depending on number LOC number). > Artem, just to clarify. > > I am assuming you have a license for Coverity that would allow you to run > it on a different configuration: Correct? I have just applied for Coverity Scan with project application. It is yet to be approved (usually takes couple business days). > And there are some constraints on how frequently this could be run? Yes, there are constraints [1]: - Up to 12 builds per week, with a maximum of 3 builds per day, for projects with fewer than 100K lines of code - Up to 8 builds per week, with a maximum of 2 builds per day, for projects with 100K to 500K lines of code - Up to 4 builds per week, with a maximum of 1 build per day, for projects with 500K to 1 million lines of code - Up to 2 builds per week, with a maximum of 1 build per day, for projects with more than 1 million lines of code For Xen on ARM I have got a build with 29,340 LOC so I guess 12 builds/week, 3 builds/day > And you would be willing to run this on behalf of the project for an ARM > configuration? Well, I would like to start with ensuring we actually have full coverage of ARM build, and it is possible to run xen mainline scans without any changes or hacks in Travis configuration and Scan script. If so, we could maintain this on behalf of the project, unless there are objections (I guess Julien mentioned that someone with established contribution on Xen ARM upstream could be driving this). Of course, we will also use Scan for testing any patches we are preparing to upstream. ------ [1] https://scan.coverity.com/faq#frequency [-- Attachment #1.2: Type: text/html, Size: 4208 bytes --] [-- Attachment #2: Type: text/plain, Size: 127 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-28 11:01 ` Artem Mygaiev @ 2016-11-29 14:21 ` Artem Mygaiev 2016-11-29 14:27 ` Julien Grall 0 siblings, 1 reply; 24+ messages in thread From: Artem Mygaiev @ 2016-11-29 14:21 UTC (permalink / raw) To: Lars Kurth, Andrew Cooper, Julien Grall, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini [-- Attachment #1.1: Type: text/plain, Size: 2517 bytes --] Lars, the project is approved by Coverity. Scan has found some issues in xen/arch/arm on master, part of them are false positives. On 28.11.16 13:01, Artem Mygaiev wrote: > On 28.11.16 12:27, Lars Kurth wrote: >> On 22/11/2016 13:54, "Artem Mygaiev" <artem_mygaiev@epam.com> wrote: >>> On 22.11.16 15:42, Andrew Cooper wrote: >>>> The only way we could scan for ARM is if we could be given multiple >>>> different streams (one per arch) to use, and Coverity have already said >>>> no to this request. This is a politics problem, not a technical >>>> problem. >>> Andrew, I understand, thanks. >> Andrew, thanks for the clarification. >>> Would it be still possible to get Scan model files for us? We would like >>> to update them for use with ARM. BTW, we could set up ARM build Coverity >>> Scan with GitHub/Travis only limited by amount of runs per week >>> (depending on number LOC number). >> Artem, just to clarify. >> >> I am assuming you have a license for Coverity that would allow you to run >> it on a different configuration: Correct? > I have just applied for Coverity Scan with project application. It is > yet to be approved (usually takes couple business days). >> And there are some constraints on how frequently this could be run? > Yes, there are constraints [1]: > - Up to 12 builds per week, with a maximum of 3 builds per day, for > projects with fewer than 100K lines of code > - Up to 8 builds per week, with a maximum of 2 builds per day, > for projects with 100K to 500K lines of code > - Up to 4 builds per week, with a maximum of 1 build per day, for > projects with 500K to 1 million lines of code > - Up to 2 builds per week, with a maximum of 1 build per day, for > projects with more than 1 million lines of code > For Xen on ARM I have got a build with 29,340 LOC so I guess 12 > builds/week, 3 builds/day > >> And you would be willing to run this on behalf of the project for an ARM >> configuration? > Well, I would like to start with ensuring we actually have full > coverage of ARM build, and it is possible to run xen mainline scans > without any changes or hacks in Travis configuration and Scan script. > If so, we could maintain this on behalf of the project, unless there > are objections (I guess Julien mentioned that someone with established > contribution on Xen ARM upstream could be driving this). > > Of course, we will also use Scan for testing any patches we are > preparing to upstream. > > ------ > [1] https://scan.coverity.com/faq#frequency [-- Attachment #1.2: Type: text/html, Size: 4843 bytes --] [-- Attachment #2: Type: text/plain, Size: 127 bytes --] _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 14:21 ` Artem Mygaiev @ 2016-11-29 14:27 ` Julien Grall 2016-11-29 15:04 ` Lars Kurth 2016-11-29 15:09 ` Artem Mygaiev 0 siblings, 2 replies; 24+ messages in thread From: Julien Grall @ 2016-11-29 14:27 UTC (permalink / raw) To: Artem Mygaiev, Lars Kurth, Andrew Cooper, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Hi Artem, On 29/11/16 14:21, Artem Mygaiev wrote: > Lars, the project is approved by Coverity. Scan has found some issues in > xen/arch/arm on master, part of them are false positives. Perfect. It would be interesting to know the list of issues so we can categorize them (i.e are they security issue) and address them. Cheers, -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 14:27 ` Julien Grall @ 2016-11-29 15:04 ` Lars Kurth 2016-11-30 11:14 ` Artem Mygaiev 2016-11-29 15:09 ` Artem Mygaiev 1 sibling, 1 reply; 24+ messages in thread From: Lars Kurth @ 2016-11-29 15:04 UTC (permalink / raw) To: Julien Grall, Artem Mygaiev, Andrew Cooper, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Please don't post them to xen-devel@ though: as a one-off, you may want to send to Julien and maybe Stefano Longer term, we ought to find a way to send the output to a safe place, as for x86 Lars On 29/11/2016 14:27, "Julien Grall" <julien.grall@arm.com> wrote: >Hi Artem, > >On 29/11/16 14:21, Artem Mygaiev wrote: >> Lars, the project is approved by Coverity. Scan has found some issues in >> xen/arch/arm on master, part of them are false positives. > >Perfect. It would be interesting to know the list of issues so we can >categorize them (i.e are they security issue) and address them. > >Cheers, > >-- >Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 15:04 ` Lars Kurth @ 2016-11-30 11:14 ` Artem Mygaiev 0 siblings, 0 replies; 24+ messages in thread From: Artem Mygaiev @ 2016-11-30 11:14 UTC (permalink / raw) To: Lars Kurth, Julien Grall, Andrew Cooper, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Hi Lars On 29.11.16 17:04, Lars Kurth wrote: > Please don't post them to xen-devel@ though: as a one-off, you may want to > send to Julien and maybe Stefano > Longer term, we ought to find a way to send the output to a safe place, as > for x86 > Lars I have added Julien, Stefano and you as members, so you can view, triage and edit defects. For now this is based on custom Travis build script and our xen repo mirror on GitHub. > > On 29/11/2016 14:27, "Julien Grall" <julien.grall@arm.com> wrote: > >> Hi Artem, >> >> On 29/11/16 14:21, Artem Mygaiev wrote: >>> Lars, the project is approved by Coverity. Scan has found some issues in >>> xen/arch/arm on master, part of them are false positives. >> Perfect. It would be interesting to know the list of issues so we can >> categorize them (i.e are they security issue) and address them. >> >> Cheers, >> >> -- >> Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 14:27 ` Julien Grall 2016-11-29 15:04 ` Lars Kurth @ 2016-11-29 15:09 ` Artem Mygaiev 2016-11-29 16:12 ` Julien Grall ` (2 more replies) 1 sibling, 3 replies; 24+ messages in thread From: Artem Mygaiev @ 2016-11-29 15:09 UTC (permalink / raw) To: Julien Grall, Lars Kurth, Andrew Cooper, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini Hi Julien On 29.11.16 16:27, Julien Grall wrote: > Hi Artem, > > On 29/11/16 14:21, Artem Mygaiev wrote: >> Lars, the project is approved by Coverity. Scan has found some issues in >> xen/arch/arm on master, part of them are false positives. > > Perfect. It would be interesting to know the list of issues so we can > categorize them (i.e are they security issue) and address them. Let me clean up the build scripts a bit and I will send you invite to Coverity Scan project _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 15:09 ` Artem Mygaiev @ 2016-11-29 16:12 ` Julien Grall 2016-11-29 18:19 ` Stefano Stabellini 2016-11-30 19:21 ` Andrew Cooper 2 siblings, 0 replies; 24+ messages in thread From: Julien Grall @ 2016-11-29 16:12 UTC (permalink / raw) To: Artem Mygaiev, Lars Kurth, Andrew Cooper, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 29/11/16 15:09, Artem Mygaiev wrote: > Hi Julien > > On 29.11.16 16:27, Julien Grall wrote: >> Hi Artem, >> >> On 29/11/16 14:21, Artem Mygaiev wrote: >>> Lars, the project is approved by Coverity. Scan has found some issues in >>> xen/arch/arm on master, part of them are false positives. >> >> Perfect. It would be interesting to know the list of issues so we can >> categorize them (i.e are they security issue) and address them. > > Let me clean up the build scripts a bit and I will send you invite to > Coverity Scan project > Thank you! -- Julien Grall _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 15:09 ` Artem Mygaiev 2016-11-29 16:12 ` Julien Grall @ 2016-11-29 18:19 ` Stefano Stabellini 2016-11-30 11:15 ` Artem Mygaiev 2016-11-30 19:21 ` Andrew Cooper 2 siblings, 1 reply; 24+ messages in thread From: Stefano Stabellini @ 2016-11-29 18:19 UTC (permalink / raw) To: Artem Mygaiev Cc: Lars Kurth, Stefano Stabellini, Andrew Cooper, Julien Grall, xen-devel@lists.xenproject.org, Artem Mygaiev On Tue, 29 Nov 2016, Artem Mygaiev wrote: > Hi Julien > > On 29.11.16 16:27, Julien Grall wrote: > > Hi Artem, > > > > On 29/11/16 14:21, Artem Mygaiev wrote: > >> Lars, the project is approved by Coverity. Scan has found some issues in > >> xen/arch/arm on master, part of them are false positives. > > > > Perfect. It would be interesting to know the list of issues so we can > > categorize them (i.e are they security issue) and address them. > > Let me clean up the build scripts a bit and I will send you invite to > Coverity Scan project I would like access too if possible, thanks! _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 18:19 ` Stefano Stabellini @ 2016-11-30 11:15 ` Artem Mygaiev 2016-11-30 19:10 ` Stefano Stabellini 0 siblings, 1 reply; 24+ messages in thread From: Artem Mygaiev @ 2016-11-30 11:15 UTC (permalink / raw) To: Stefano Stabellini Cc: Lars Kurth, Andrew Cooper, Julien Grall, xen-devel@lists.xenproject.org, Artem Mygaiev Done On 29.11.16 20:19, Stefano Stabellini wrote: > On Tue, 29 Nov 2016, Artem Mygaiev wrote: >> Hi Julien >> >> On 29.11.16 16:27, Julien Grall wrote: >>> Hi Artem, >>> >>> On 29/11/16 14:21, Artem Mygaiev wrote: >>>> Lars, the project is approved by Coverity. Scan has found some issues in >>>> xen/arch/arm on master, part of them are false positives. >>> Perfect. It would be interesting to know the list of issues so we can >>> categorize them (i.e are they security issue) and address them. >> Let me clean up the build scripts a bit and I will send you invite to >> Coverity Scan project > I would like access too if possible, thanks! _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-30 11:15 ` Artem Mygaiev @ 2016-11-30 19:10 ` Stefano Stabellini 0 siblings, 0 replies; 24+ messages in thread From: Stefano Stabellini @ 2016-11-30 19:10 UTC (permalink / raw) To: Artem Mygaiev Cc: Lars Kurth, Stefano Stabellini, Andrew Cooper, Julien Grall, xen-devel@lists.xenproject.org, Artem Mygaiev Thank you! On Wed, 30 Nov 2016, Artem Mygaiev wrote: > Done > > > On 29.11.16 20:19, Stefano Stabellini wrote: > > On Tue, 29 Nov 2016, Artem Mygaiev wrote: > >> Hi Julien > >> > >> On 29.11.16 16:27, Julien Grall wrote: > >>> Hi Artem, > >>> > >>> On 29/11/16 14:21, Artem Mygaiev wrote: > >>>> Lars, the project is approved by Coverity. Scan has found some issues in > >>>> xen/arch/arm on master, part of them are false positives. > >>> Perfect. It would be interesting to know the list of issues so we can > >>> categorize them (i.e are they security issue) and address them. > >> Let me clean up the build scripts a bit and I will send you invite to > >> Coverity Scan project > > I would like access too if possible, thanks! > > > _______________________________________________ > Xen-devel mailing list > Xen-devel@lists.xen.org > https://lists.xen.org/xen-devel > _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-29 15:09 ` Artem Mygaiev 2016-11-29 16:12 ` Julien Grall 2016-11-29 18:19 ` Stefano Stabellini @ 2016-11-30 19:21 ` Andrew Cooper 2016-12-01 13:44 ` Artem Mygaiev 2 siblings, 1 reply; 24+ messages in thread From: Andrew Cooper @ 2016-11-30 19:21 UTC (permalink / raw) To: Artem Mygaiev, Julien Grall, Lars Kurth, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 29/11/16 15:09, Artem Mygaiev wrote: > Hi Julien > > On 29.11.16 16:27, Julien Grall wrote: >> Hi Artem, >> >> On 29/11/16 14:21, Artem Mygaiev wrote: >>> Lars, the project is approved by Coverity. Scan has found some issues in >>> xen/arch/arm on master, part of them are false positives. >> Perfect. It would be interesting to know the list of issues so we can >> categorize them (i.e are they security issue) and address them. > Let me clean up the build scripts a bit and I will send you invite to > Coverity Scan project Can I get an invite as well please? ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-30 19:21 ` Andrew Cooper @ 2016-12-01 13:44 ` Artem Mygaiev 0 siblings, 0 replies; 24+ messages in thread From: Artem Mygaiev @ 2016-12-01 13:44 UTC (permalink / raw) To: Andrew Cooper, Julien Grall, Lars Kurth, Konrad Rzeszutek Wilk, Artem Mygaiev Cc: xen-devel@lists.xenproject.org, Stefano Stabellini On 30.11.16 21:21, Andrew Cooper wrote: > On 29/11/16 15:09, Artem Mygaiev wrote: >> Hi Julien >> >> On 29.11.16 16:27, Julien Grall wrote: >>> Hi Artem, >>> >>> On 29/11/16 14:21, Artem Mygaiev wrote: >>>> Lars, the project is approved by Coverity. Scan has found some issues in >>>> xen/arch/arm on master, part of them are false positives. >>> Perfect. It would be interesting to know the list of issues so we can >>> categorize them (i.e are they security issue) and address them. >> Let me clean up the build scripts a bit and I will send you invite to >> Coverity Scan project > Can I get an invite as well please? > > ~Andrew Sent _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
* Re: [COVERITY ACCESS] for Embedded/Automotive team 2016-11-18 20:55 ` Julien Grall 2016-11-19 16:53 ` Lars Kurth @ 2016-11-22 9:00 ` Artem Mygaiev 1 sibling, 0 replies; 24+ messages in thread From: Artem Mygaiev @ 2016-11-22 9:00 UTC (permalink / raw) To: Julien Grall, Konrad Rzeszutek Wilk, Andrew Cooper, Artem Mygaiev Cc: xen-devel, Stefano Stabellini, Lars Kurth On 18.11.16 22:55, Julien Grall wrote: > Coverity has been proven useful on x86 to catch some bugs. A such > things would be nice for ARM too. Is there anything we can do to get > coverity testing ARM? (CC Lars). This is exactly what we want to do - update model files (if needed), prepare some reference ARM build and run static analysis with Coverity Scan. > I would prefer to give coverity access to developer that have > established contribution on Xen ARM upstream. If there is anyone else who wants to lead this - we will be happy to help. > Artem, in the mail subject you mentioned "Embedded/Automotive team". > Does it mean you are requesting coverity access for all the team? > [1] > https://www.xenproject.org/developers/teams/embedded-and-automotive.html Right now it is only for me - to set up environment and create coverage build. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel ^ permalink raw reply [flat|nested] 24+ messages in thread
end of thread, other threads:[~2016-12-01 13:44 UTC | newest] Thread overview: 24+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-11-18 13:36 [COVERITY ACCESS] for Embedded/Automotive team Artem Mygaiev 2016-11-18 13:56 ` Andrew Cooper 2016-11-18 15:28 ` Konrad Rzeszutek Wilk 2016-11-18 20:55 ` Julien Grall 2016-11-19 16:53 ` Lars Kurth 2016-11-22 11:51 ` Julien Grall 2016-11-22 11:55 ` Lars Kurth 2016-11-22 13:06 ` Artem Mygaiev 2016-11-22 13:42 ` Andrew Cooper 2016-11-22 13:54 ` Artem Mygaiev 2016-11-28 10:27 ` Lars Kurth 2016-11-28 11:01 ` Artem Mygaiev 2016-11-29 14:21 ` Artem Mygaiev 2016-11-29 14:27 ` Julien Grall 2016-11-29 15:04 ` Lars Kurth 2016-11-30 11:14 ` Artem Mygaiev 2016-11-29 15:09 ` Artem Mygaiev 2016-11-29 16:12 ` Julien Grall 2016-11-29 18:19 ` Stefano Stabellini 2016-11-30 11:15 ` Artem Mygaiev 2016-11-30 19:10 ` Stefano Stabellini 2016-11-30 19:21 ` Andrew Cooper 2016-12-01 13:44 ` Artem Mygaiev 2016-11-22 9:00 ` Artem Mygaiev
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).