X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C79686.8E94E439@onstor-exch02.onstor.net>; Mon, 14 May 2007 17:18:26 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C79686.8E94E439"
Content-class: urn:content-classes:message
Subject: RE: running coverity locally
Date: Mon, 14 May 2007 17:18:26 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E02F3D0A2@onstor-exch02.onstor.net>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: running coverity locally
Thread-Index: AceTQJksMU7jjQGzS5ywCB1Xxo04IgDRCdlX
References: <BB375AF679D4A34E9CA8DFA650E2B04E03A8DFE9@onstor-exch02.onstor.net>
From: "Ken Renshaw" <ken.renshaw@onstor.com>
To: "Maxim Kozlovsky" <maxim.kozlovsky@onstor.com>,
	"dl-Software" <dl-software@onstor.com>
Cc: "Ken Renshaw" <ken.renshaw@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C79686.8E94E439
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

The short answer is no, the product is designed to commit the output of =
the analyses into the database prior to rendering to the browser.
=20
However....
=20
I poked around behind the curtain and there is a possible 'maybe' answer =
for you. When I do a run the three commands that get run sequentially =
from the command line are:
=20
cov-build
cov-analyze
cov-commit-defects
=20
Then you view them through the browser.=20
=20
However, the output of the cov-analyze command is a set of XML files, =
one for each checker, i.e. NULL_FORWARD, RESOURCE_LEAK, etc. The =
contents of that XML file show the instances in each file and function =
that contains the defect, an example of one is this snippet from =
NULL_RETURN.errors.xml:
=20
<file>/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc/malloc-api.c</=
file>
<md5>60f185aa9273ad83eb54e87978040e3a</md5>
<function>eee_ramAllocZero</function>
<id>2</id>
</model_ptr>
</event>
<event>
<tag>var_assigned</tag>
<description>Variable &quot;resp&quot; assigned to NULL return value =
from &quot;eee_ramAllocZero&quot;</description>
<line>360</line>
</event>
<event>
<tag>dereference</tag>
<description>Dereferencing NULL value &quot;resp&quot;</description>
<line>389</line>
</event>
</error>
<error>
<checker>NULL_RETURNS</checker>

=20
So in this example you can see that at line 360 of malloc-api.c in the =
function eee_ramAllocZero a variable takes a path where it could be set =
to null and at line 389 that potentially null value is dereferenced.
=20
So in theory you can do cov-build and cov-analyze and then parse the XML =
output and have a command line only interface. I do not believe the =
license is node locked, so we can probably get it installed on compile2 =
if you wanted Max.
=20
Any other questions please let me know, thanks.
=20
-Ken

________________________________

From: Maxim Kozlovsky
Sent: Thu 5/10/2007 1:20 PM
To: Ken Renshaw; dl-Software
Subject: running coverity locally



Hello,

Is it possible to run coverity on local workstation without going =
through the fancy http interface and without storing the results in the =
database? If yes, whom do I see to get it installed on compile2?

Max


------_=_NextPart_001_01C79686.8E94E439
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<HTML dir=3Dltr><HEAD><TITLE>running coverity locally</TITLE>=0A=
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dunicode">=0A=
<META content=3D"MSHTML 6.00.2900.2853" name=3DGENERATOR></HEAD>=0A=
<BODY>=0A=
<DIV id=3DidOWAReplyText15294 dir=3Dltr>=0A=
<DIV dir=3Dltr><FONT face=3DArial color=3D#000000 size=3D2>The short =
answer is no, the product is designed to commit the output of the =
analyses into the database prior to rendering to the =
browser.</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>However....</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>I poked around behind the =
curtain and there is a possible 'maybe' answer for you. When I do a run =
the three commands that get run sequentially from the command line =
are:</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>cov-build</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>cov-analyze</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2>cov-commit-defects</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Then you view them through =
the browser. </FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>However, the output of the =
cov-analyze command is a set of XML files, one for each checker, i.e. =
NULL_FORWARD, RESOURCE_LEAK, etc. The contents of that XML file show the =
instances in each file and function that contains the defect, an example =
of one is this snippet from NULL_RETURN.errors.xml:</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial =
size=3D2>&lt;file&gt;/perforce/trees2/FB-DELOREAN/nfx-tree/code/sm-malloc=
/malloc-api.c&lt;/file&gt;<BR>&lt;md5&gt;60f185aa9273ad83eb54e87978040e3a=
&lt;/md5&gt;<BR>&lt;function&gt;eee_ramAllocZero&lt;/function&gt;<BR>&lt;=
id&gt;2&lt;/id&gt;<BR>&lt;/model_ptr&gt;<BR>&lt;/event&gt;<BR>&lt;event&g=
t;<BR>&lt;tag&gt;var_assigned&lt;/tag&gt;<BR>&lt;description&gt;Variable =
&amp;quot;resp&amp;quot; assigned to NULL return value from =
&amp;quot;eee_ramAllocZero&amp;quot;&lt;/description&gt;<BR>&lt;line&gt;3=
60&lt;/line&gt;<BR>&lt;/event&gt;<BR>&lt;event&gt;<BR>&lt;tag&gt;derefere=
nce&lt;/tag&gt;<BR>&lt;description&gt;Dereferencing NULL value =
&amp;quot;resp&amp;quot;&lt;/description&gt;<BR>&lt;line&gt;389&lt;/line&=
gt;<BR>&lt;/event&gt;<BR>&lt;/error&gt;<BR>&lt;error&gt;<BR>&lt;checker&g=
t;NULL_RETURNS&lt;/checker&gt;<BR></FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>So in this example you can =
see that at line 360 of malloc-api.c in the function eee_ramAllocZero a =
variable takes a path where it could be set to null and at line 389 that =
potentially null value is dereferenced.</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>So in theory you can do =
cov-build and cov-analyze and then parse the XML output and have a =
command line only interface. I do not believe the license is node =
locked, so we can probably get it installed on compile2 if you wanted =
Max.</FONT></DIV><FONT face=3DArial size=3D2></FONT></DIV>=0A=
<DIV dir=3Dltr>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>Any other questions please =
let me know, thanks.</FONT></DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DArial size=3D2>-Ken</FONT></DIV>=0A=
<DIV dir=3Dltr><BR></DIV>=0A=
<DIV dir=3Dltr>=0A=
<HR tabIndex=3D-1>=0A=
</DIV>=0A=
<DIV dir=3Dltr><FONT face=3DTahoma size=3D2><B>From:</B> Maxim =
Kozlovsky<BR><B>Sent:</B> Thu 5/10/2007 1:20 PM<BR><B>To:</B> Ken =
Renshaw; dl-Software<BR><B>Subject:</B> running coverity =
locally<BR></FONT><BR></DIV>=0A=
<DIV>=0A=
<P dir=3Dltr><SPAN lang=3Den-us></SPAN><SPAN lang=3Den-us><FONT =
face=3DArial size=3D2>Hello,</FONT></SPAN><SPAN =
lang=3Den-us></SPAN><SPAN lang=3Den-us></SPAN></P>=0A=
<P dir=3Dltr><SPAN lang=3Den-us></SPAN><SPAN lang=3Den-us></SPAN></P>=0A=
<P dir=3Dltr><SPAN lang=3Den-us><FONT face=3DArial size=3D2>Is it =
possible to run coverity on local workstation without going through the =
fancy http</FONT></SPAN><SPAN lang=3Den-us></SPAN><SPAN lang=3Den-us> =
<FONT face=3DArial size=3D2>interface</FONT></SPAN><SPAN =
lang=3Den-us></SPAN><SPAN lang=3Den-us> <FONT face=3DArial size=3D2>and =
without storing the results in the database? If yes, whom do I see to =
get it installed on</FONT></SPAN><SPAN lang=3Den-us></SPAN><SPAN =
lang=3Den-us> <FONT face=3DArial size=3D2>compile2?</FONT></SPAN></P>=0A=
<P dir=3Dltr><SPAN lang=3Den-us><FONT face=3DArial =
size=3D2>Max</FONT></SPAN><SPAN lang=3Den-us></SPAN><SPAN =
lang=3Den-us></SPAN></P></DIV></BODY></HTML>
------_=_NextPart_001_01C79686.8E94E439--
