* [LTP] Coverity report for ltp-20130109 [not found] <1437086244.21063924.1363705319128.JavaMail.root@redhat.com> @ 2013-03-19 15:18 ` Jan Stancek 2013-03-19 15:28 ` chrubis 2013-03-19 17:43 ` chrubis 0 siblings, 2 replies; 5+ messages in thread From: Jan Stancek @ 2013-03-19 15:18 UTC (permalink / raw) To: LTP List Hi, What is Coverity? Coverity Prevent is commercial enterprise level tool for static analysis (analysis based only on compiling of sources, not based on running of binary) of the C/C++ and Java code. analyzer coverity analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64 I ran it for current LTP stable (20130109) (on top of RHEL6.4) and I'm sharing results here: http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz I looked at results only very briefly so far. The one that caught my eye was actually my previous email: inode02: fix "slash" array overrun. This run includes "--all" parameter, so it's likely there are some false positives. Regards, Jan ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] Coverity report for ltp-20130109 2013-03-19 15:18 ` [LTP] Coverity report for ltp-20130109 Jan Stancek @ 2013-03-19 15:28 ` chrubis 2013-03-19 16:09 ` chrubis 2013-03-19 17:43 ` chrubis 1 sibling, 1 reply; 5+ messages in thread From: chrubis @ 2013-03-19 15:28 UTC (permalink / raw) To: Jan Stancek; +Cc: LTP List Hi! > What is Coverity? > Coverity Prevent is commercial enterprise level tool for static analysis > (analysis based only on compiling of sources, not based on running of binary) > of the C/C++ and Java code. > > analyzer coverity > analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all > analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64 > > I ran it for current LTP stable (20130109) (on top of RHEL6.4) > and I'm sharing results here: > http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz > > I looked at results only very briefly so far. The one that caught my > eye was actually my previous email: inode02: fix "slash" array overrun. > This run includes "--all" parameter, so it's likely there are some false > positives. Nice. I will have a look at the data too. -- Cyril Hrubis chrubis@suse.cz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] Coverity report for ltp-20130109 2013-03-19 15:28 ` chrubis @ 2013-03-19 16:09 ` chrubis [not found] ` <1590001509.21115132.1363709682126.JavaMail.root@redhat.com> 0 siblings, 1 reply; 5+ messages in thread From: chrubis @ 2013-03-19 16:09 UTC (permalink / raw) To: Jan Stancek; +Cc: LTP List Hi! > > What is Coverity? > > Coverity Prevent is commercial enterprise level tool for static analysis > > (analysis based only on compiling of sources, not based on running of binary) > > of the C/C++ and Java code. > > > > analyzer coverity > > analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all > > analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64 > > > > I ran it for current LTP stable (20130109) (on top of RHEL6.4) > > and I'm sharing results here: > > http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz > > > > I looked at results only very briefly so far. The one that caught my > > eye was actually my previous email: inode02: fix "slash" array overrun. > > This run includes "--all" parameter, so it's likely there are some false > > positives. > > Nice. I will have a look at the data too. Here are some statistical data: The total number of tests mentioned in the report is 747, 600 is from the testcases/kernel/ directory along with some in network, misc. There seems to be quite a number of reports in the lib/ directory. Could you run the tool for the openposix testcases as well? -- Cyril Hrubis chrubis@suse.cz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <1590001509.21115132.1363709682126.JavaMail.root@redhat.com>]
* Re: [LTP] Coverity report for ltp-20130109 [not found] ` <1590001509.21115132.1363709682126.JavaMail.root@redhat.com> @ 2013-03-19 16:38 ` chrubis 0 siblings, 0 replies; 5+ messages in thread From: chrubis @ 2013-03-19 16:38 UTC (permalink / raw) To: Jan Stancek; +Cc: LTP List Hi! > > > Nice. I will have a look at the data too. > > > > Here are some statistical data: > > > > The total number of tests mentioned in the report is 747, 600 is from > > the > > testcases/kernel/ directory along with some in network, misc. There > > seems to be quite a number of reports in the lib/ directory. > > > > Could you run the tool for the openposix testcases as well? > > I forgot that those are not compiled along with everything else. > Yes, I can do that, I'll adjust my setup and give a try. > > I noticed you are making changes in this area, would it make more sense > to run it on latest rather than latest LTP stable? Most of the fixes I've did was to remove stubs, but there vere some real fixes (but most likely single digit number). The same applies to the rest of the testcases. So if running it in latest git is simple enough, please do so, otherwise stick with the latest release. -- Cyril Hrubis chrubis@suse.cz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] Coverity report for ltp-20130109 2013-03-19 15:18 ` [LTP] Coverity report for ltp-20130109 Jan Stancek 2013-03-19 15:28 ` chrubis @ 2013-03-19 17:43 ` chrubis 1 sibling, 0 replies; 5+ messages in thread From: chrubis @ 2013-03-19 17:43 UTC (permalink / raw) To: Jan Stancek; +Cc: LTP List Hi! > I ran it for current LTP stable (20130109) (on top of RHEL6.4) > and I'm sharing results here: > http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz I've looked at the results briefly and allready found and fixed one (quite stupid) bug in doio.c. But there seems to be quite a number of false possitives because LTP does things that are usually wrong intentionally (i.e. NULL dereference). We could probably mask most of the cases from the compiler by setting such variables as volatile, but I'm not really sure if it's worth of it. -- Cyril Hrubis chrubis@suse.cz ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Ltp-list mailing list Ltp-list@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ltp-list ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2013-03-19 17:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <1437086244.21063924.1363705319128.JavaMail.root@redhat.com>
2013-03-19 15:18 ` [LTP] Coverity report for ltp-20130109 Jan Stancek
2013-03-19 15:28 ` chrubis
2013-03-19 16:09 ` chrubis
[not found] ` <1590001509.21115132.1363709682126.JavaMail.root@redhat.com>
2013-03-19 16:38 ` chrubis
2013-03-19 17:43 ` chrubis
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox