X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C79713.68A285D2@onstor-exch02.onstor.net>; Tue, 15 May 2007 10:06:41 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C79713.68A285D2"
Content-class: urn:content-classes:message
Subject: RE: running coverity locally
Date: Tue, 15 May 2007 10:06:41 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E03B6EA60@onstor-exch02.onstor.net>
In-Reply-To: <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A2@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: running coverity locally
Thread-Index: AceTQJksMU7jjQGzS5ywCB1Xxo04IgDRCdlXACLPueA=
References: <BB375AF679D4A34E9CA8DFA650E2B04E03A8DFE9@onstor-exch02.onstor.net> <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A2@onstor-exch02.onstor.net>
From: "Maxim Kozlovsky" <maxim.kozlovsky@onstor.com>
To: "Ken Renshaw" <ken.renshaw@onstor.com>,
	"dl-Software" <dl-software@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C79713.68A285D2
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Well, it is hard to say what is harder, parsing the XML files or
clicking through the browser.

=20

Assuming that I'll click through the browser; do I (or any other
developers) have the permissions to commit the results to the database?=20

=20

To be able to follow through the links, the files used for the
compilation should be accessible on the machine that is running coverity
database with the same path. Do we have the home directories mounted on
this machine?

=20

To allow rebuilding only part of the code in developer's build, there is
a feature described in section 4.8.2 of the help to collect the models
from the previous runs - "cov-collect-models". Can we include this step
in the nightly runs and export the directory where these files are
stored through NFS?

=20

Side note: in the runs that you are doing it does not make sense to run
coverity over whole product. There are some functions on SSC and EEE
with identical names but different properties. This confuses coverity
into false conclusions. There should be two separate runs, for SSC and
EEE.=20

=20

________________________________

From: Ken Renshaw=20
Sent: Monday, May 14, 2007 5:18 PM
To: Maxim Kozlovsky; dl-Software
Cc: Ken Renshaw
Subject: RE: running coverity locally

=20

The short answer is no, the product is designed to commit the output of
the analyses into the database prior to rendering to the browser.

=20

However....

=20

I poked around behind the curtain and there is a possible 'maybe' answer
for you. When I do a run the three commands that get run sequentially
from the command line are:

=20

cov-build

cov-analyze

cov-commit-defects

=20

Then you view them through the browser.=20

=20

However, the output of the cov-analyze command is a set of XML files,
one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. The
contents of that XML file show the instances in each file and function
that contains the defect, an example of one is this snippet from
NULL_RETURN.errors.xml:

=20

<file>/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc/malloc-api.c<
/file>
<md5>60f185aa9273ad83eb54e87978040e3a</md5>
<function>eee_ramAllocZero</function>
<id>2</id>
</model_ptr>
</event>
<event>
<tag>var_assigned</tag>
<description>Variable &quot;resp&quot; assigned to NULL return value
from &quot;eee_ramAllocZero&quot;</description>
<line>360</line>
</event>
<event>
<tag>dereference</tag>
<description>Dereferencing NULL value &quot;resp&quot;</description>
<line>389</line>
</event>
</error>
<error>
<checker>NULL_RETURNS</checker>

=20

So in this example you can see that at line 360 of malloc-api.c in the
function eee_ramAllocZero a variable takes a path where it could be set
to null and at line 389 that potentially null value is dereferenced.

=20

So in theory you can do cov-build and cov-analyze and then parse the XML
output and have a command line only interface. I do not believe the
license is node locked, so we can probably get it installed on compile2
if you wanted Max.

=20

Any other questions please let me know, thanks.

=20

-Ken

=20

________________________________

From: Maxim Kozlovsky
Sent: Thu 5/10/2007 1:20 PM
To: Ken Renshaw; dl-Software
Subject: running coverity locally

Hello,

Is it possible to run coverity on local workstation without going
through the fancy http interface and without storing the results in the
database? If yes, whom do I see to get it installed on compile2?

Max


------_=_NextPart_001_01C79713.68A285D2
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=3DContent-Type content=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<title>running coverity locally</title>
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Tahoma;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:12.0pt;
	font-family:"Times New Roman";}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p
	{mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:12.0pt;
	font-family:"Times New Roman";}
span.EmailStyle18
	{mso-style-type:personal-reply;
	font-family:Arial;
	color:navy;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext=3D"edit">
  <o:idmap v:ext=3D"edit" data=3D"1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Well, it is hard to say what is =
harder,
parsing the XML files or clicking through the =
browser.<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Assuming that I&#8217;ll click =
through the
browser; do I (or any other developers) have the permissions to commit =
the
results to the database? <o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To be able to follow through the =
links,
the files used for the compilation should be accessible on the machine =
that is
running coverity database with the same path. Do we have the home =
directories
mounted on this machine?<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>To allow rebuilding only part of =
the code
in developer&#8217;s build, there is a feature described in section =
4.8.2 of
the help to collect the models from the previous runs &#8211; =
&#8220;cov-collect-models&#8221;.
Can we include this step in the nightly runs and export the directory =
where these
files are stored through NFS?<o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Side note: in the runs that you are =
doing
it does not make sense to run coverity over whole product. There are =
some
functions on SSC and EEE with identical names but different properties. =
This
confuses coverity into false conclusions. There should be two separate =
runs,
for SSC and EEE. <o:p></o:p></span></font></p>

<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:navy'><o:p>&nbsp;</o:p></span></font></p>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabindex=3D-1>

</span></font></div>

<p class=3DMsoNormal><b><font size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font =
size=3D2
face=3DTahoma><span style=3D'font-size:10.0pt;font-family:Tahoma'> Ken =
Renshaw <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Monday, May 14, =
2007 5:18 PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Maxim Kozlovsky; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Cc:</span></b> Ken Renshaw<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> RE: running =
coverity
locally</span></font><o:p></o:p></p>

</div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

<div id=3DidOWAReplyText15294>

<div>

<p class=3DMsoNormal><font size=3D2 color=3Dblack face=3DArial><span =
style=3D'font-size:
10.0pt;font-family:Arial;color:black'>The short answer is no, the =
product is
designed to commit the output of the analyses into the database prior to
rendering to the browser.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>However....</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>I poked around behind the curtain and there is a =
possible
'maybe' answer for you. When I do a run the three commands that get run
sequentially from the command line are:</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-build</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-analyze</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>cov-commit-defects</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Then you view them through the browser. =
</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>However, the output of the cov-analyze command is a =
set of
XML files, one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. =
The
contents of that XML file show the instances in each file and function =
that
contains the defect, an example of one is this snippet from
NULL_RETURN.errors.xml:</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>&lt;file&gt;/perforce/trees2/FB-DELOREAN/nfx-tree/code=
/sm-malloc/malloc-api.c&lt;/file&gt;<br>
&lt;md5&gt;60f185aa9273ad83eb54e87978040e3a&lt;/md5&gt;<br>
&lt;function&gt;eee_ramAllocZero&lt;/function&gt;<br>
&lt;id&gt;2&lt;/id&gt;<br>
&lt;/model_ptr&gt;<br>
&lt;/event&gt;<br>
&lt;event&gt;<br>
&lt;tag&gt;var_assigned&lt;/tag&gt;<br>
&lt;description&gt;Variable &amp;quot;resp&amp;quot; assigned to NULL =
return
value from &amp;quot;eee_ramAllocZero&amp;quot;&lt;/description&gt;<br>
&lt;line&gt;360&lt;/line&gt;<br>
&lt;/event&gt;<br>
&lt;event&gt;<br>
&lt;tag&gt;dereference&lt;/tag&gt;<br>
&lt;description&gt;Dereferencing NULL value
&amp;quot;resp&amp;quot;&lt;/description&gt;<br>
&lt;line&gt;389&lt;/line&gt;<br>
&lt;/event&gt;<br>
&lt;/error&gt;<br>
&lt;error&gt;<br>
&lt;checker&gt;NULL_RETURNS&lt;/checker&gt;</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So in this example you can see that at line 360 of
malloc-api.c in the function eee_ramAllocZero a variable takes a path =
where it
could be set to null and at line 389 that potentially null value is
dereferenced.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>So in theory you can do cov-build and cov-analyze and =
then
parse the XML output and have a command line only interface. I do not =
believe
the license is node locked, so we can probably get it installed on =
compile2 if
you wanted Max.</span></font><o:p></o:p></p>

</div>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>Any other questions please let me know, =
thanks.</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'>&nbsp;<o:p></o:p></span></font></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>-Ken</span></font><o:p></o:p></p>

</div>

<div>

<p class=3DMsoNormal><font size=3D3 face=3D"Times New Roman"><span =
style=3D'font-size:
12.0pt'><o:p>&nbsp;</o:p></span></font></p>

</div>

<div>

<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><font =
size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>

<hr size=3D2 width=3D"100%" align=3Dcenter tabIndex=3D-1>

</span></font></div>

</div>

<div>

<p class=3DMsoNormal style=3D'margin-bottom:12.0pt'><b><font size=3D2 =
face=3DTahoma><span
style=3D'font-size:10.0pt;font-family:Tahoma;font-weight:bold'>From:</spa=
n></font></b><font
size=3D2 face=3DTahoma><span =
style=3D'font-size:10.0pt;font-family:Tahoma'> Maxim
Kozlovsky<br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> Thu 5/10/2007 1:20 =
PM<br>
<b><span style=3D'font-weight:bold'>To:</span></b> Ken Renshaw; =
dl-Software<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> running coverity =
locally</span></font><o:p></o:p></p>

</div>

<div>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Hello,</span></font><o:p></o=
:p></p>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Is
it possible to run coverity on local workstation without going through =
the
fancy http</span></font> <font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'>interface</span></font> <font size=3D2 =
face=3DArial><span
style=3D'font-size:10.0pt;font-family:Arial'>and without storing the =
results in
the database? If yes, whom do I see to get it installed on</span></font> =
<font
size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>compile2?</span></font><o:p>=
</o:p></p>

<p><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;font-family:Arial'>Max</span></font><o:p></o:p>=
</p>

</div>

</div>

</body>

</html>

------_=_NextPart_001_01C79713.68A285D2--
