[LTP] Coverity report for ltp-20130109

[LTP] Coverity report for ltp-20130109

[Jan Stancek]

Hi,

What is Coverity?
Coverity Prevent is commercial enterprise level tool for static analysis
(analysis based only on compiling of sources, not based on running of binary)
of the C/C++ and Java code.

analyzer coverity
analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all
analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64

I ran it for current LTP stable (20130109) (on top of RHEL6.4)
and I'm sharing results here:
http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz

I looked at results only very briefly so far. The one that caught my
eye was actually my previous email: inode02: fix "slash" array overrun.
This run includes "--all" parameter, so it's likely there are some false
positives.

Regards,
Jan

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20130109

[chrubis]

Hi!
> What is Coverity?
> Coverity Prevent is commercial enterprise level tool for static analysis
> (analysis based only on compiling of sources, not based on running of binary)
> of the C/C++ and Java code.
> 
> analyzer coverity
> analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all
> analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64
> 
> I ran it for current LTP stable (20130109) (on top of RHEL6.4)
> and I'm sharing results here:
> http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz
> 
> I looked at results only very briefly so far. The one that caught my
> eye was actually my previous email: inode02: fix "slash" array overrun.
> This run includes "--all" parameter, so it's likely there are some false
> positives.

Nice. I will have a look at the data too.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20130109

[chrubis]

Hi!
> > What is Coverity?
> > Coverity Prevent is commercial enterprise level tool for static analysis
> > (analysis based only on compiling of sources, not based on running of binary)
> > of the C/C++ and Java code.
> > 
> > analyzer coverity
> > analyzer-args --wait-for-license -co BAD_FREE:allow_first_field:true --all
> > analyzer-version Coverity Static Analysis for C/C++ version 6.5.1 on Linux 2.6.32-279.el6.x86_64 x86_64
> > 
> > I ran it for current LTP stable (20130109) (on top of RHEL6.4)
> > and I'm sharing results here:
> > http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz
> > 
> > I looked at results only very briefly so far. The one that caught my
> > eye was actually my previous email: inode02: fix "slash" array overrun.
> > This run includes "--all" parameter, so it's likely there are some false
> > positives.
> 
> Nice. I will have a look at the data too.

Here are some statistical data:

The total number of tests mentioned in the report is 747, 600 is from the
testcases/kernel/ directory along with some in network, misc. There
seems to be quite a number of reports in the lib/ directory.

Could you run the tool for the openposix testcases as well?

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20130109

[chrubis]

Hi!
> > > Nice. I will have a look at the data too.
> > 
> > Here are some statistical data:
> > 
> > The total number of tests mentioned in the report is 747, 600 is from
> > the
> > testcases/kernel/ directory along with some in network, misc. There
> > seems to be quite a number of reports in the lib/ directory.
> > 
> > Could you run the tool for the openposix testcases as well?
> 
> I forgot that those are not compiled along with everything else.
> Yes, I can do that, I'll adjust my setup and give a try.
> 
> I noticed you are making changes in this area, would it make more sense
> to run it on latest rather than latest LTP stable?

Most of the fixes I've did was to remove stubs, but there vere some real
fixes (but most likely single digit number). The same applies to
the rest of the testcases.

So if running it in latest git is simple enough, please do so, otherwise
stick with the latest release.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list

Re: [LTP] Coverity report for ltp-20130109

[chrubis]

Hi!
> I ran it for current LTP stable (20130109) (on top of RHEL6.4)
> and I'm sharing results here:
> http://jan.stancek.eu/coverity/ltp-20130109-1.el6.err.xz

I've looked at the results briefly and allready found and fixed one
(quite stupid) bug in doio.c.

But there seems to be quite a number of false possitives because LTP
does things that are usually wrong intentionally (i.e. NULL
dereference). We could probably mask most of the cases from the compiler
by setting such variables as volatile, but I'm not really sure if it's
worth of it.

-- 
Cyril Hrubis
chrubis@suse.cz

------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list