[LTP] Coverity report for ltp-20150420

[LTP] Coverity report for ltp-20150420

[Jan Stancek]

Hi,

What is Coverity?
  Coverity Prevent is commercial enterprise level tool for static analysis
  (analysis based only on compiling of sources, not based on running of binary)
  of the C/C++ and Java code.
analyzer-version-coverity = 7.6.1

This run includes latest LTP release 20150420 (including open_posix_testsuite):
  http://jan.stancek.eu/coverity/ltp-20150420.err.xz

      1 ARRAY_VS_SINGLETON
      4 BAD_COMPARE
     17 BAD_FREE
      1 CHAR_IO
    319 CHECKED_RETURN
      6 CONSTANT_EXPRESSION_RESULT
      3 COPY_PASTE_ERROR
     29 DEADCODE
      1 EVALUATION_ORDER
     43 FORWARD_NULL
      3 IDENTICAL_BRANCHES
     21 MISSING_BREAK
    497 NEGATIVE_RETURNS
      7 NO_EFFECT
      6 NULL_RETURNS
      1 OVERFLOW_BEFORE_WIDEN
     27 OVERRUN
      1 PASS_BY_VALUE
    343 RESOURCE_LEAK
      1 RETURN_LOCAL
      1 REVERSE_INULL
      2 REVERSE_NEGATIVE
     19 SIZEOF_MISMATCH
      1 STRAY_SEMICOLON
     91 UNINIT
     14 UNREACHABLE
      6 UNUSED_VALUE
     48 USE_AFTER_FREE
      1 VARARGS

Regards,
Jan

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20150420

[Cyril Hrubis]

Hi!
>       1 ARRAY_VS_SINGLETON
>       4 BAD_COMPARE
>      17 BAD_FREE
>       1 CHAR_IO
>     319 CHECKED_RETURN
>       6 CONSTANT_EXPRESSION_RESULT
>       3 COPY_PASTE_ERROR
>      29 DEADCODE
>       1 EVALUATION_ORDER
>      43 FORWARD_NULL
>       3 IDENTICAL_BRANCHES
>      21 MISSING_BREAK
>     497 NEGATIVE_RETURNS
>       7 NO_EFFECT
>       6 NULL_RETURNS
>       1 OVERFLOW_BEFORE_WIDEN
>      27 OVERRUN
>       1 PASS_BY_VALUE
>     343 RESOURCE_LEAK
>       1 RETURN_LOCAL
>       1 REVERSE_INULL
>       2 REVERSE_NEGATIVE
>      19 SIZEOF_MISMATCH
>       1 STRAY_SEMICOLON
>      91 UNINIT
>      14 UNREACHABLE
>       6 UNUSED_VALUE
>      48 USE_AFTER_FREE
>       1 VARARGS

Thanks for doing this again. :)

BTW do you have a this table for previous releases? I looked at the
previous emails and these stats weren't there. It would be interesting
to compare how these numbers changed in time.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20150420

[Cyril Hrubis]

[-- Attachment #1: Type: text/plain, Size: 232 bytes --]

Hi!
And result of quick perl hackery is attached. Overall it's better, but
we keep adding warnings as well.

BTW: I can feed it easily with more data or share the script if you are
     interested.

-- 
Cyril Hrubis
chrubis@suse.cz

[-- Attachment #2: report.html --]
[-- Type: text/html, Size: 5330 bytes --]

[-- Attachment #3: Type: text/plain, Size: 409 bytes --]

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

[-- Attachment #4: Type: text/plain, Size: 155 bytes --]

_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20150420

[Cyril Hrubis]

[-- Attachment #1: Type: text/plain, Size: 811 bytes --]

Hi!
New report attached.

Looking at data, the rapid increase in compiler warnings between 20140115 and
20140422 corresponds to:

commit 20eb071295762dc14649c10308d193936dded0ca
Author: Alexey Kodanev <alexey.kodanev@oracle.com>
Date:   Fri Apr 11 13:26:59 2014 +0400

    configure: add configure check for GCC -Wold-style-definition

commit dcd5af4f811e582feaec3bf01df89d7a0ec05d6e
Author: Cyril Hrubis <metan@ucw.cz>
Date:   Mon Jan 20 17:03:26 2014 +0100

    config.mk.in: Turn on extra warnings.

    Don't forget to regenerate and rerun the configure script.

So to get reasonable data for these we will have to pass -W
-Wold-style-definition to the configure to releases before 20140422.

I have no idea though, why 20130109 has only 171 warnings, that seems very odd.

-- 
Cyril Hrubis
chrubis@suse.cz

[-- Attachment #2: report.html --]
[-- Type: text/html, Size: 55554 bytes --]

[-- Attachment #3: Type: text/plain, Size: 409 bytes --]

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y

[-- Attachment #4: Type: text/plain, Size: 155 bytes --]

_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20150420

[Jan Stancek]

----- Original Message -----
> From: "Jan Stancek" <jstancek@redhat.com>
> To: "ltp-list" <ltp-list@lists.sf.net>
> Sent: Friday, 24 April, 2015 3:54:37 PM
> Subject: [LTP] Coverity report for ltp-20150420
> 
> Hi,
> 
> What is Coverity?
>   Coverity Prevent is commercial enterprise level tool for static analysis
>   (analysis based only on compiling of sources, not based on running of
>   binary)
>   of the C/C++ and Java code.
> analyzer-version-coverity = 7.6.1
> 
> This run includes latest LTP release 20150420 (including
> open_posix_testsuite):
>   http://jan.stancek.eu/coverity/ltp-20150420.err.xz
> 
>       1 ARRAY_VS_SINGLETON
>       4 BAD_COMPARE
>      17 BAD_FREE

I went through most of BAD_FREE reports yesterday and in many cases it was
mmap + munmap with some offset, which coverity doesn't like.

From what I have read, it should be possible to annotate code to make coverity
stop complaining. For example by adding following:
  /* coverity[EVENT_TAG_NAME] */

I'm not exactly clear where to get "event tag names" yet, as these seem to be
different from error names that appear in *.err logs.

Before I dig deeper into this, would anyone be opposed if we start adding
such annotation to LTP source?

Regards,
Jan


>       1 CHAR_IO
>     319 CHECKED_RETURN
>       6 CONSTANT_EXPRESSION_RESULT
>       3 COPY_PASTE_ERROR
>      29 DEADCODE
>       1 EVALUATION_ORDER
>      43 FORWARD_NULL
>       3 IDENTICAL_BRANCHES
>      21 MISSING_BREAK
>     497 NEGATIVE_RETURNS
>       7 NO_EFFECT
>       6 NULL_RETURNS
>       1 OVERFLOW_BEFORE_WIDEN
>      27 OVERRUN
>       1 PASS_BY_VALUE
>     343 RESOURCE_LEAK
>       1 RETURN_LOCAL
>       1 REVERSE_INULL
>       2 REVERSE_NEGATIVE
>      19 SIZEOF_MISMATCH
>       1 STRAY_SEMICOLON
>      91 UNINIT
>      14 UNREACHABLE
>       6 UNUSED_VALUE
>      48 USE_AFTER_FREE
>       1 VARARGS
> 
> Regards,
> Jan
> 
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
> 

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20150420

[Cyril Hrubis]

Hi!
> >From what I have read, it should be possible to annotate code to make coverity
> stop complaining. For example by adding following:
>   /* coverity[EVENT_TAG_NAME] */
> 
> I'm not exactly clear where to get "event tag names" yet, as these seem to be
> different from error names that appear in *.err logs.
> 
> Before I dig deeper into this, would anyone be opposed if we start adding
> such annotation to LTP source?

I'm OK with adding a few annotations to places where LTP does something
that needs to be done and what is normally a bug. As far as I remember
we have a few places that dereference NULL to cause segfault that
produce false-possitive warnings as well.

Looking at the BAD_FREE the munmap03.c is nice example of that. However
most of the BAD_FREE, if I understant it correctly, are result of
unmaping only part of the mmaped memory. That is not really bug, but I
guess that I can live with annotations for these as well if you want
them.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud 
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list