X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C79717.D46083F4@onstor-exch02.onstor.net>; Tue, 15 May 2007 10:38:20 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C79717.D46083F4"
Content-class: urn:content-classes:message
Subject: RE: running coverity locally
Date: Tue, 15 May 2007 10:38:20 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A7@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: running coverity locally
Thread-Index: AceTQJksMU7jjQGzS5ywCB1Xxo04IgDRCdlXACLPueAAAS97DA==
References: <BB375AF679D4A34E9CA8DFA650E2B04E03A8DFE9@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A2@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E03B6EA60@onstor-exch02.onstor.net>
From: "Ken Renshaw" <ken.renshaw@onstor.com>
To: "Maxim Kozlovsky" <maxim.kozlovsky@onstor.com>,
	"dl-Software" <dl-software@onstor.com>
Cc: "Ken Renshaw" <ken.renshaw@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C79717.D46083F4
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Thanks for the feedback/questions Max. Answers inline....

________________________________

From: Maxim Kozlovsky
Sent: Tue 5/15/2007 10:06 AM
To: Ken Renshaw; dl-Software
Subject: RE: running coverity locally



Well, it is hard to say what is harder, parsing the XML files or =
clicking through the browser.

=20

I'm not sure what is difficult about the browser interface, within a few =
clicks and column sorts pretty much anything of interest is right there, =
i.e. lists of defects per file or function, defects per checker, and =
within another click or two the annotated source from the run is brought =
up, with cross-referencing to othere files, functions, models, etc. =
Personal queries are also available to sort things pretty much any way =
you'd want as well.

=20

Let's turn the question around: When you as a developer bring up =
Prevent, what is it you want to see? A particular page, say defects per =
checker filtered to your modules of interest, or ??? The default login =
page for each person can be different, and anything you want. One good =
one is the chart graph of defects per checker, so you can see at a quick =
glance the totals and where the most problems lie. Clicking on a bar in =
the chart directly brings up the list of Coverity defects, which can =
then be sorted and addressed by filename, function,etc.=20

=20

If you let me know more what you'd want to see I can see what I can do. =
Also, since others may be using the tool in different ways, please =
everyone feel free to let me know of any workflow/display/usage issues =
or questions you might have.

=20

Assuming that I'll click through the browser; do I (or any other =
developers) have the permissions to commit the results to the database?=20

=20

Sure, what exactly are you talking about committing back to the =
database? There are multiple sets of permissions, and on every defect =
page to the left of the annotated source are the tracking flags like =
Uninspected ( where all CIDs start life ), Bug, Intentional, etc. When =
defects are fixed they a) should be flagged as such and b) will not show =
up in future runs ( if it's fixed correctly of course ).

=20

To be able to follow through the links, the files used for the =
compilation should be accessible on the machine that is running coverity =
database with the same path. Do we have the home directories mounted on =
this machine?

=20

I have Perforce client that I use to do the runs, and I have things set =
up to do just what you are talking about, but I just realized a bug in =
my setup whereby I don't keep the full rolling sets of built nfx-trees =
for each run. It just reused the same Perforce space. From the cov run =
I'm doing today onwards I'll make sure to archive the trees in such a =
way that you can drill down through the source browser correctly. Thanks =
for pointing that out.

=20

To allow rebuilding only part of the code in developer's build, there is =
a feature described in section 4.8.2 of the help to collect the models =
from the previous runs - "cov-collect-models". Can we include this step =
in the nightly runs and export the directory where these files are =
stored through NFS?

=20

Is this in the context of a developer fixing CIDs where you want to =
incrementally test your changes before commiting? Let me check into this =
mechanism and I'll get back to you on it.=20

=20

Side note: in the runs that you are doing it does not make sense to run =
coverity over whole product. There are some functions on SSC and EEE =
with identical names but different properties. This confuses coverity =
into false conclusions. There should be two separate runs, for SSC and =
EEE.=20

=20

Do you mean SSC versus FP/TXRX/FC cores or something else? That's =
actually the way I started doing it but when we started Tim, Brian, and =
I thought it best to just do the single product run. I can go back to =
splitting it into two if that works better. If you're talking about =
something else please let me know. The cov-build is s wrapper around =
make targets so that's the level of granularity easily available. If we =
need to split things up deeper than that we'll have to weight the =
merits.

=20

Thanks again for the feedback,

=20

-Ken

=20

________________________________

From: Ken Renshaw=20
Sent: Monday, May 14, 2007 5:18 PM
To: Maxim Kozlovsky; dl-Software
Cc: Ken Renshaw
Subject: RE: running coverity locally

=20

The short answer is no, the product is designed to commit the output of =
the analyses into the database prior to rendering to the browser.

=20

However....

=20

I poked around behind the curtain and there is a possible 'maybe' answer =
for you. When I do a run the three commands that get run sequentially =
from the command line are:

=20

cov-build

cov-analyze

cov-commit-defects

=20

Then you view them through the browser.=20

=20

However, the output of the cov-analyze command is a set of XML files, =
one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. The =
contents of that XML file show the instances in each file and function =
that contains the defect, an example of one is this snippet from =
NULL_RETURN.errors.xml:

=20

<file>/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc/malloc-api.c</=
file>
<md5>60f185aa9273ad83eb54e87978040e3a</md5>
<function>eee_ramAllocZero</function>
<id>2</id>
</model_ptr>
</event>
<event>
<tag>var_assigned</tag>
<description>Variable &quot;resp&quot; assigned to NULL return value =
from &quot;eee_ramAllocZero&quot;</description>
<line>360</line>
</event>
<event>
<tag>dereference</tag>
<description>Dereferencing NULL value &quot;resp&quot;</description>
<line>389</line>
</event>
</error>
<error>
<checker>NULL_RETURNS</checker>

=20

So in this example you can see that at line 360 of malloc-api.c in the =
function eee_ramAllocZero a variable takes a path where it could be set =
to null and at line 389 that potentially null value is dereferenced.

=20

So in theory you can do cov-build and cov-analyze and then parse the XML =
output and have a command line only interface. I do not believe the =
license is node locked, so we can probably get it installed on compile2 =
if you wanted Max.

=20

Any other questions please let me know, thanks.

=20

-Ken

=20

________________________________

From: Maxim Kozlovsky
Sent: Thu 5/10/2007 1:20 PM
To: Ken Renshaw; dl-Software
Subject: running coverity locally

Hello,

Is it possible to run coverity on local workstation without going =
through the fancy http interface and without storing the results in the =
database? If yes, whom do I see to get it installed on compile2?

Max


------_=_NextPart_001_01C79717.D46083F4
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML dir=3Dltr><HEAD><TITLE>running coverity locally</TITLE>=0A=
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dunicode">=0A=
<META content=3D"MSHTML 6.00.2900.2853" name=3DGENERATOR>=0A=
<STYLE>=0A=
<!--=0A=
                       =0A=
 font-face=0A=
	{font-family:Tahoma;}=0A=
                        =0A=
 p.MsoNormal, li.MsoNormal, div.MsoNormal=0A=
	{margin:0in;=0A=
	margin-bottom:.0001pt;=0A=
	font-size:12.0pt;=0A=
	font-family:"Times New Roman";}=0A=
a:link, span.MsoHyperlink=0A=
	{color:blue;=0A=
	text-decoration:underline;}=0A=
a:visited, span.MsoHyperlinkFollowed=0A=
	{color:purple;=0A=
	text-decoration:underline;}=0A=
p=0A=
	{=0A=
	margin-right:0in;=0A=
	margin-left:0in;=0A=
	font-size:12.0pt;=0A=
	font-family:"Times New Roman";}=0A=
span.EmailStyle18=0A=
	{=0A=
	font-family:Arial;=0A=
	color:navy;}=0A=
=0A=
div.Section1=0A=
	{page:Section1;}=0A=
-->=0A=
</STYLE>=0A=
</HEAD>=0A=
<BODY lang=3DEN-US vLink=3Dpurple link=3Dblue>=0A=
<DIV id=3DidOWAReplyText96579 dir=3Dltr>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2><EM>Thanks =
for the feedback/questions Max. Answers =
inline....</EM></FONT></DIV></DIV>=0A=
<DIV dir=3Dltr><BR>=0A=
<HR tabIndex=3D-1>=0A=
<FONT face=3DTahoma size=3D2><B>From:</B> Maxim =
Kozlovsky<BR><B>Sent:</B> Tue 5/15/2007 10:06 AM<BR><B>To:</B> Ken =
Renshaw; dl-Software<BR><B>Subject:</B> RE: running coverity =
locally<BR></FONT><BR></DIV>=0A=
<DIV>=0A=
<DIV class=3DSection1>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><STRONG>Well, =
it is hard to say what is harder, parsing the XML files or clicking =
through the browser.</STRONG></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3D#00ff00 size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>I'm not =
sure what is difficult about the browser interface, within a few clicks =
and column sorts pretty much anything of interest is right there, i.e. =
lists of defects per file or function, defects per checker, and within =
another click or two the annotated source from the run is brought up, =
with cross-referencing to othere files, functions, models, etc. Personal =
queries are also available to sort things pretty much any way you'd want =
as well.</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3D#00ff00 size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><EM></EM></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3D#ff0000 size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>Let's =
turn the question around: When you as a developer bring up Prevent, what =
is it you want to see? A particular page, say defects per checker =
filtered to your modules of interest, or ??? The default login page for =
each person can be different, and anything you want. One good one is the =
chart graph of defects per checker, so you can see at a quick glance the =
totals and where the most problems lie. Clicking on a bar in the chart =
directly brings up the list of Coverity defects, which can then be =
sorted and addressed by filename, function,etc. </EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3D#ff0000 size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><EM></EM></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3D#ff0000 size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>If you =
let me know more what you'd want to see I can see what I can do. Also, =
since others may be using the tool in different ways, please everyone =
feel free to let me know of any workflow/display/usage issues or =
questions you might have.</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><STRONG>Assuming that I&#8217;ll click through the browser; do I =
(or any other developers) have the permissions to commit the results to =
the database?</STRONG> </SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>Sure, =
what exactly are you talking about committing back to the database? =
There are multiple sets of permissions, and on every defect page to the =
left of the annotated source are the tracking flags like Uninspected ( =
where all CIDs start life ), Bug, Intentional, etc. When defects are =
fixed they a) should be flagged as such and b) will not show up in =
future runs ( if it's fixed correctly of course ).</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><STRONG>To be =
able to follow through the links, the files used for the compilation =
should be accessible on the machine that is running coverity database =
with the same path. Do we have the home directories mounted on this =
machine?</STRONG></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>I have =
Perforce client that I use to do the runs, and I have things set up to =
do just what you are talking about, but I just realized a bug in my =
setup whereby I don't keep the full rolling sets of built nfx-trees for =
each run. It just reused the same Perforce space. From the cov run I'm =
doing today onwards I'll make sure to archive the trees in such a way =
that you can drill down through the source browser correctly. Thanks for =
pointing that out.</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><STRONG>To =
allow rebuilding only part of the code in developer&#8217;s build, there =
is a feature described in section 4.8.2 of the help to collect the =
models from the previous runs &#8211; &#8220;cov-collect-models&#8221;. =
Can we include this step in the nightly runs and export the directory =
where these files are stored through NFS?</STRONG></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>Is this =
in the context of a developer fixing CIDs where you want to =
incrementally test your changes before commiting? Let me check into this =
mechanism and I'll get back to you on it.</EM> </SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><STRONG>Side =
note: in the runs that you are doing it does not make sense to run =
coverity over whole product. There are some functions on SSC and EEE =
with identical names but different properties. This confuses coverity =
into false conclusions. There should be two separate runs, for SSC and =
EEE.</STRONG> </SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>Do you =
mean SSC versus FP/TXRX/FC cores or something else? That's actually the =
way I started doing it but when we started Tim, Brian, and I thought it =
best to just do the single product run. I can go back to splitting it =
into two if that works better. If you're talking about something else =
please let me know. The cov-build is s wrapper around make targets so =
that's the level of granularity easily available. If we need to split =
things up deeper than that we'll have to weight the =
merits.</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><EM></EM></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"><EM>Thanks =
again for the feedback,</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><EM></EM></SPAN></FONT>&nbsp;</P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"><EM>-Ken</EM></SPAN></FONT></P>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: =
Arial"></SPAN></FONT>&nbsp;</P>=0A=
<DIV>=0A=
<DIV class=3DMsoNormal style=3D"TEXT-ALIGN: center" align=3Dcenter><FONT =
face=3D"Times New Roman" size=3D3><SPAN style=3D"FONT-SIZE: 12pt">=0A=
<HR tabIndex=3D-1 align=3Dcenter width=3D"100%" SIZE=3D2>=0A=
</SPAN></FONT></DIV>=0A=
<P class=3DMsoNormal><B><FONT face=3DTahoma size=3D2><SPAN =
style=3D"FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: =
Tahoma">From:</SPAN></FONT></B><FONT face=3DTahoma size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> Ken Renshaw <BR><B><SPAN =
style=3D"FONT-WEIGHT: bold">Sent:</SPAN></B> Monday, May 14, 2007 5:18 =
PM<BR><B><SPAN style=3D"FONT-WEIGHT: bold">To:</SPAN></B> Maxim =
Kozlovsky; dl-Software<BR><B><SPAN style=3D"FONT-WEIGHT: =
bold">Cc:</SPAN></B> Ken Renshaw<BR><B><SPAN style=3D"FONT-WEIGHT: =
bold">Subject:</SPAN></B> RE: running coverity =
locally</SPAN></FONT></P></DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P>=0A=
<DIV id=3DidOWAReplyText15294>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial color=3Dblack size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; COLOR: black; FONT-FAMILY: Arial">The short =
answer is no, the product is designed to commit the output of the =
analyses into the database prior to rendering to the =
browser.</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">However....</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">I poked around behind the =
curtain and there is a possible 'maybe' answer for you. When I do a run =
the three commands that get run sequentially from the command line =
are:</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">cov-build</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">cov-analyze</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">cov-commit-defects</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Then you view them through =
the browser. </SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">However, the output of the =
cov-analyze command is a set of XML files, one for each checker, i.e. =
NULL_FORWARD, RESOURCE_LEAK, etc. The contents of that XML file show the =
instances in each file and function that contains the defect, an example =
of one is this snippet from =
NULL_RETURN.errors.xml:</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">&lt;file&gt;/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc/m=
alloc-api.c&lt;/file&gt;<BR>&lt;md5&gt;60f185aa9273ad83eb54e87978040e3a&l=
t;/md5&gt;<BR>&lt;function&gt;eee_ramAllocZero&lt;/function&gt;<BR>&lt;id=
&gt;2&lt;/id&gt;<BR>&lt;/model_ptr&gt;<BR>&lt;/event&gt;<BR>&lt;event&gt;=
<BR>&lt;tag&gt;var_assigned&lt;/tag&gt;<BR>&lt;description&gt;Variable =
&amp;quot;resp&amp;quot; assigned to NULL return value from =
&amp;quot;eee_ramAllocZero&amp;quot;&lt;/description&gt;<BR>&lt;line&gt;3=
60&lt;/line&gt;<BR>&lt;/event&gt;<BR>&lt;event&gt;<BR>&lt;tag&gt;derefere=
nce&lt;/tag&gt;<BR>&lt;description&gt;Dereferencing NULL value =
&amp;quot;resp&amp;quot;&lt;/description&gt;<BR>&lt;line&gt;389&lt;/line&=
gt;<BR>&lt;/event&gt;<BR>&lt;/error&gt;<BR>&lt;error&gt;<BR>&lt;checker&g=
t;NULL_RETURNS&lt;/checker&gt;</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">So in this example you can =
see that at line 360 of malloc-api.c in the function eee_ramAllocZero a =
variable takes a path where it could be set to null and at line 389 that =
potentially null value is dereferenced.</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">So in theory you can do =
cov-build and cov-analyze and then parse the XML output and have a =
command line only interface. I do not believe the license is node =
locked, so we can probably get it installed on compile2 if you wanted =
Max.</SPAN></FONT></P></DIV></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Any other questions please =
let me know, thanks.</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">-Ken</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal><FONT face=3D"Times New Roman" size=3D3><SPAN =
style=3D"FONT-SIZE: 12pt"></SPAN></FONT>&nbsp;</P></DIV>=0A=
<DIV>=0A=
<DIV class=3DMsoNormal style=3D"TEXT-ALIGN: center" align=3Dcenter><FONT =
face=3D"Times New Roman" size=3D3><SPAN style=3D"FONT-SIZE: 12pt">=0A=
<HR tabIndex=3D-1 align=3Dcenter width=3D"100%" SIZE=3D2>=0A=
</SPAN></FONT></DIV></DIV>=0A=
<DIV>=0A=
<P class=3DMsoNormal style=3D"MARGIN-BOTTOM: 12pt"><B><FONT =
face=3DTahoma size=3D2><SPAN style=3D"FONT-WEIGHT: bold; FONT-SIZE: =
10pt; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT face=3DTahoma =
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> Maxim =
Kozlovsky<BR><B><SPAN style=3D"FONT-WEIGHT: bold">Sent:</SPAN></B> Thu =
5/10/2007 1:20 PM<BR><B><SPAN style=3D"FONT-WEIGHT: bold">To:</SPAN></B> =
Ken Renshaw; dl-Software<BR><B><SPAN style=3D"FONT-WEIGHT: =
bold">Subject:</SPAN></B> running coverity =
locally</SPAN></FONT></P></DIV>=0A=
<DIV>=0A=
<P><FONT face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">Hello,</SPAN></FONT></P>=0A=
<P><FONT face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">Is it possible to run coverity on local workstation =
without going through the fancy http</SPAN></FONT> <FONT face=3DArial =
size=3D2><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: =
Arial">interface</SPAN></FONT> <FONT face=3DArial size=3D2><SPAN =
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">and without storing the =
results in the database? If yes, whom do I see to get it installed =
on</SPAN></FONT> <FONT face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: =
10pt; FONT-FAMILY: Arial">compile2?</SPAN></FONT></P>=0A=
<P><FONT face=3DArial size=3D2><SPAN style=3D"FONT-SIZE: 10pt; =
FONT-FAMILY: Arial">Max</SPAN></FONT></P></DIV></DIV></DIV></BODY></HTML>
------_=_NextPart_001_01C79717.D46083F4--
