X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C79718.DD4DB65E@onstor-exch02.onstor.net>; Tue, 15 May 2007 10:45:45 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C79718.DD4DB65E"
Content-class: urn:content-classes:message
Subject: RE: running coverity locally
Date: Tue, 15 May 2007 10:45:44 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E03B6EAD3@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A7@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: running coverity locally
Thread-Index: AceTQJksMU7jjQGzS5ywCB1Xxo04IgDRCdlXACLPueAAAS97DAAA13Pg
References: <BB375AF679D4A34E9CA8DFA650E2B04E03A8DFE9@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A2@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E03B6EA60@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A7@onstor-exch02.onstor.net>
From: "Maxim Kozlovsky" <maxim.kozlovsky@onstor.com>
To: "Ken Renshaw" <ken.renshaw@onstor.com>,
	"dl-Software" <dl-software@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C79718.DD4DB65E
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=20

=20

________________________________

From: Ken Renshaw=20
Sent: Tuesday, May 15, 2007 10:38 AM
To: Maxim Kozlovsky; dl-Software
Cc: Ken Renshaw
Subject: RE: running coverity locally

=20

Thanks for the feedback/questions Max. Answers inline....

=20

________________________________

From: Maxim Kozlovsky
Sent: Tue 5/15/2007 10:06 AM
To: Ken Renshaw; dl-Software
Subject: RE: running coverity locally

Well, it is hard to say what is harder, parsing the XML files or
clicking through the browser.

=20

I'm not sure what is difficult about the browser interface, within a few
clicks and column sorts pretty much anything of interest is right there,
i.e. lists of defects per file or function, defects per checker, and
within another click or two the annotated source from the run is brought
up, with cross-referencing to othere files, functions, models, etc.
Personal queries are also available to sort things pretty much any way
you'd want as well.

=20

[MK] Never mind, that's just me, not liking clicking through the links.


=20

Assuming that I'll click through the browser; do I (or any other
developers) have the permissions to commit the results to the database?=20

=20

Sure, what exactly are you talking about committing back to the
database? There are multiple sets of permissions, and on every defect
page to the left of the annotated source are the tracking flags like
Uninspected ( where all CIDs start life ), Bug, Intentional, etc. When
defects are fixed they a) should be flagged as such and b) will not show
up in future runs ( if it's fixed correctly of course ).

[MK] If I do my own run, I have to be able to be able to commit its
results to database to be able to use the browser interface to look at
it.=20

=20

Side note: in the runs that you are doing it does not make sense to run
coverity over whole product. There are some functions on SSC and EEE
with identical names but different properties. This confuses coverity
into false conclusions. There should be two separate runs, for SSC and
EEE.=20

=20

Do you mean SSC versus FP/TXRX/FC cores or something else? That's
actually the way I started doing it but when we started Tim, Brian, and
I thought it best to just do the single product run. I can go back to
splitting it into two if that works better. If you're talking about
something else please let me know. The cov-build is s wrapper around
make targets so that's the level of granularity easily available. If we
need to split things up deeper than that we'll have to weight the
merits.

[MK] Yes, SSC versus FP/TXRX/FC. Doing single run does not work well for
the reasons above.

=20

Thanks again for the feedback,

=20

-Ken

=20

________________________________

From: Ken Renshaw=20
Sent: Monday, May 14, 2007 5:18 PM
To: Maxim Kozlovsky; dl-Software
Cc: Ken Renshaw
Subject: RE: running coverity locally

=20

The short answer is no, the product is designed to commit the output of
the analyses into the database prior to rendering to the browser.

=20

However....

=20

I poked around behind the curtain and there is a possible 'maybe' answer
for you. When I do a run the three commands that get run sequentially
from the command line are:

=20

cov-build

cov-analyze

cov-commit-defects

=20

Then you view them through the browser.=20

=20

However, the output of the cov-analyze command is a set of XML files,
one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. The
contents of that XML file show the instances in each file and function
that contains the defect, an example of one is this snippet from
NULL_RETURN.errors.xml:

=20

<file>/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc/malloc-api.c<
/file>
<md5>60f185aa9273ad83eb54e87978040e3a</md5>
<function>eee_ramAllocZero</function>
<id>2</id>
</model_ptr>
</event>
<event>
<tag>var_assigned</tag>
<description>Variable &quot;resp&quot; assigned to NULL return value
from &quot;eee_ramAllocZero&quot;</description>
<line>360</line>
</event>
<event>
<tag>dereference</tag>
<description>Dereferencing NULL value &quot;resp&quot;</description>
<line>389</line>
</event>
</error>
<error>
<checker>NULL_RETURNS</checker>

=20

So in this example you can see that at line 360 of malloc-api.c in the
function eee_ramAllocZero a variable takes a path where it could be set
to null and at line 389 that potentially null value is dereferenced.

=20

So in theory you can do cov-build and cov-analyze and then parse the XML
output and have a command line only interface. I do not believe the
license is node locked, so we can probably get it installed on compile2
if you wanted Max.

=20

Any other questions please let me know, thanks.

=20

-Ken

=20

________________________________

From: Maxim Kozlovsky
Sent: Thu 5/10/2007 1:20 PM
To: Ken Renshaw; dl-Software
Subject: running coverity locally

Hello,

Is it possible to run coverity on local workstation without going
through the fancy http interface and without storing the results in the
database? If yes, whom do I see to get it installed on compile2?

Max


------_=_NextPart_001_01C79718.DD4DB65E
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>running coverity locally</title>
<style>
<!--
font-face=0A=
	{font-family:Tahoma;}

 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p
	{mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman";}
span.emailstyle18
	{font-family:Arial;
	color:navy;}
span.EmailStyle21
	{mso-style-type:personal-reply;
	font-family:Arial;
	color:navy;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> Ken =
Renshaw <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tuesday, May 15, =
2007 10:38
AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Maxim Kozlovsky; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Cc:</span></b> Ken Renshaw<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: running =
coverity
locally</span></font><o:p></o:p></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div id=3DidOWAReplyText96579>

<div>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dblack =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:black'>Thanks for the
feedback/questions Max. Answers =
inline....</span></font></i></em><o:p></o:p></p>

</div>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>

</span></font></div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><b><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</spa=
n></font></b><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> Maxim
Kozlovsky<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Tue 5/15/2007 10:06 =
AM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Ken Renshaw; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: running =
coverity
locally</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><strong><b><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Well, it is hard =
to say
what is harder, parsing the XML files or clicking through the =
browser.</span></font></b></strong><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>I'm not sure =
what is
difficult about the browser interface, within a few clicks and column =
sorts
pretty much anything of interest is right there, i.e. lists of defects =
per file
or function, defects per checker, and within another click or two the =
annotated
source from the run is brought up, with cross-referencing to othere =
files,
functions, models, etc. Personal queries are also available to sort =
things
pretty much any way you'd want as =
well.</span></font></i></em><o:p></o:p></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p>=
</span></font></i></em></p>

<p class=3DMsoNormal><b><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy;font-weight:bold;
font-style:italic'>[MK] Never mind, that&#8217;s just me, not liking =
clicking
through the links. &nbsp;<o:p></o:p></span></font></i></b></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><strong><b><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Assuming that =
I&#8217;ll
click through the browser; do I (or any other developers) have the =
permissions
to commit the results to the database?</span></font></b></strong><font =
size=3D2
color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'> </span></font><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Sure, what =
exactly are
you talking about committing back to the database? There are multiple =
sets of
permissions, and on every defect page to the left of the annotated =
source are
the tracking flags like Uninspected ( where all CIDs start life ), Bug,
Intentional, etc. When defects are fixed they a) should be flagged as =
such and
b) will not show up in future runs ( if it's fixed correctly of course =
).</span></font></i></em><em><i><font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></i=
></em></p>

<p class=3DMsoNormal><b><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy;font-weight:bold;
font-style:italic'>[MK] If I do my own run, I have to be able to be able =
to
commit its results to database to be able to use the browser interface =
to look
at it. </span></font></i></b><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></span=
></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><strong><b><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Side note: in =
the runs
that you are doing it does not make sense to run coverity over whole =
product.
There are some functions on SSC and EEE with identical names but =
different
properties. This confuses coverity into false conclusions. There should =
be two
separate runs, for SSC and EEE.</span></font></b></strong><font size=3D2
color=3Dnavy face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;
color:navy'> </span></font><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Do you mean SSC =
versus
FP/TXRX/FC cores or something else? That's actually the way I started =
doing it
but when we started Tim, Brian, and I thought it best to just do the =
single
product run. I can go back to splitting it into two if that works =
better. If
you're talking about something else please let me know. The cov-build is =
s
wrapper around make targets so that's the level of granularity easily
available. If we need to split things up deeper than that we'll have to =
weight
the merits.</span></font></i></em><em><i><font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'><o:p></o:p></span></font></i=
></em></p>

<p class=3DMsoNormal><b><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy;font-weight:bold;
font-style:italic'>[MK] Yes, SSC versus FP/TXRX/FC. Doing single run =
does not
work well for the reasons above.</span></font></i></b><font size=3D2 =
color=3Dnavy
face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial;color:navy'><o:p></o:p></span=
></font></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>Thanks again for =
the
feedback,</span></font></i></em><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<p class=3DMsoNormal><em><i><font size=3D2 color=3Dnavy =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial;color:navy'>-Ken</span></font=
></i></em><o:p></o:p></p>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> Ken =
Renshaw <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Monday, May 14, =
2007 5:18 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Maxim Kozlovsky; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Cc:</span></b> Ken Renshaw<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: running =
coverity
locally</span></font><o:p></o:p></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

<div id=3DidOWAReplyText15294>

<div>

<p class=3DMsoNormal><font size=3D2 color=3Dblack face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:black'>The short answer is no, the =
product is
designed to commit the output of the analyses into the database prior to
rendering to the browser.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>However....</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I poked around behind the curtain and there is a =
possible
'maybe' answer for you. When I do a run the three commands that get run
sequentially from the command line are:</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-build</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-analyze</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-commit-defects</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Then you view them through the browser. =
</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>However, the output of the cov-analyze command is a =
set of
XML files, one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. =
The
contents of that XML file show the instances in each file and function =
that
contains the defect, an example of one is this snippet from
NULL_RETURN.errors.xml:</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&lt;file&gt;/perforce/trees2/FB-DELOREAN/nfx-tree/code=
/sm-malloc/malloc-api.c&lt;/file&gt;<br>
&lt;md5&gt;60f185aa9273ad83eb54e87978040e3a&lt;/md5&gt;<br>
&lt;function&gt;eee_ramAllocZero&lt;/function&gt;<br>
&lt;id&gt;2&lt;/id&gt;<br>
&lt;/model_ptr&gt;<br>
&lt;/event&gt;<br>
&lt;event&gt;<br>
&lt;tag&gt;var_assigned&lt;/tag&gt;<br>
&lt;description&gt;Variable &amp;quot;resp&amp;quot; assigned to NULL =
return
value from &amp;quot;eee_ramAllocZero&amp;quot;&lt;/description&gt;<br>
&lt;line&gt;360&lt;/line&gt;<br>
&lt;/event&gt;<br>
&lt;event&gt;<br>
&lt;tag&gt;dereference&lt;/tag&gt;<br>
&lt;description&gt;Dereferencing NULL value
&amp;quot;resp&amp;quot;&lt;/description&gt;<br>
&lt;line&gt;389&lt;/line&gt;<br>
&lt;/event&gt;<br>
&lt;/error&gt;<br>
&lt;error&gt;<br>
&lt;checker&gt;NULL_RETURNS&lt;/checker&gt;</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So in this example you can see that at line 360 of
malloc-api.c in the function eee_ramAllocZero a variable takes a path =
where it
could be set to null and at line 389 that potentially null value is
dereferenced.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So in theory you can do cov-build and cov-analyze and =
then
parse the XML output and have a command line only interface. I do not =
believe
the license is node locked, so we can probably get it installed on =
compile2 if
you wanted Max.</span></font><o:p></o:p></p>

</div>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Any other questions please let me know, =
thanks.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>-Ken</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>

</span></font></div>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><b><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</spa=
n></font></b><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> Maxim
Kozlovsky<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thu 5/10/2007 1:20 =
PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Ken Renshaw; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> running coverity =
locally</span></font><o:p></o:p></p>

</div>

<div>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Hello,</span></font><o:p></o=
:p></p>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Is
it possible to run coverity on local workstation without going through =
the
fancy http</span></font> <font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>interface</span></font> <font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>and without storing the =
results in
the database? If yes, whom do I see to get it installed on</span></font> =
<font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>compile2?</span></font><o:p>=
</o:p></p>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Max</span></font><o:p></o:p>=
</p>

</div>

</div>

</div>

</body>

</html>

------_=_NextPart_001_01C79718.DD4DB65E--
