Re: [gpsd-dev] wsg_separation Issue

[Bywater, Rick (SA-1)]

Eric,

I looked into the clock_gettime issue a bit more.  I am not sure why, but
scons did not configure correctly.  I re-ran it with --config=force and it
built clean.  So, I re-ran Coverity with the corrected build.  You can find
the new results attached.  

It appears that my build failing before prevented scanning of all of the
files as now there are quite a few more issues detected.

Thanks,
Rick

-----Original Message-----
From: Eric S. Raymond [mailto:address@hidden 
Sent: Tuesday, May 08, 2012 1:02 AM
To: Bywater, Rick (SA-1)
Cc: address@hidden
Subject: Re: [gpsd-dev] wsg_separation Issue

Bywater, Rick (SA-1) <address@hidden>:
> Here is a log of a Coverity run on the head as of this morning.  The 
> gpsd.log contains the output from the cov-build while gpsd.log2 
> contains the cov-analyze output.

Thank you very much.  I would be delighted to help you complete this
analysis by annotating the code in whatever ways might help.

I might be able to help you achieve your objectives better if I understood
why you're being asked to scan GPSD.  Who needs careful verification of this
code, and why?  (Er, if it helps, I already know it's used in military
systems.)

> I was going to attach the full c/ directory that Coverity generates so 
> you could see the issues, but the tgz file was over 12 MB and I was 
> afraid that would be rejected by the mailing list.  If you would like 
> that output and the list server is ok with a 12 MB file, let me know 
> and I will post it.  If the list server will reject that size of an 
> upload, let me know where you would like the results posted and I will get
them uploaded.

Please mail them to me at address@hidden  I don't think my personal
mailserver will barf.

Hm.  I note a link failure due to clock_gettime() reference.  Do you get
this from a regular build, or is it in the Coverity environment only?  If
so, is there an #ifdef I can use to condition out that call?

This is interesting...

Analysis summary report:
------------------------
Files analyzed                  : 86
Total LoC input to cov-analyze  : 72824
Functions analyzed              : 585
Classes/structs analyzed        : 128
Paths analyzed                  : 125590
Time taken by Coverity analysis : 00:01:22
Defect occurrences found        : 45 Total
                                   2 BAD_SIZEOF
                                   2 CHECKED_RETURN
                                   4 CONSTANT_EXPRESSION_RESULT
                                   3 DEADCODE
                                  12 FORWARD_NULL
                                   1 INFINITE_LOOP
                                   1 NEGATIVE_RETURNS
                                   1 NULL_RETURNS
                                   1 OVERRUN_DYNAMIC
                                   3 OVERRUN_STATIC
                                   6 RESOURCE_LEAK
                                   1 REVERSE_INULL
                                   7 UNINIT
                                   1 UNREACHABLE

Exceeded path limit of 5000 paths in 1.88% of functions (normally up to 5%
of functions encounter this limitation)

A gross defect rate of 1 per 1618 lines already makes me pretty happy, and
it's likely from my one previous experience of a full scan that some of
those are false positives. Let's see what we can do to filter out the noise,
shall we?
-- 
                <a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>

NOTICE: This e-mail transmission (and/or the attachments accompanying it) may 
contain confidential or proprietary information belonging to DRS Technologies 
or the sender. The information is only for the use of the intended recipient. 
If you are not the intended recipient you are hereby notified that any 
disclosure, copying, distribution or the taking of any action in reliance on 
the contents of this information is strictly prohibited. Any unauthorized 
interception of this transmission is illegal under the law. If you have 
received this transmission in error, please promptly notify the sender by reply 
e-mail, and then destroy all copies of the transmission.

"This (document/presentation) may contain technical data as defined in the 
International Traffic In Arms Regulations (ITAR) 22 CFR 120.10. Export of this 
material is restricted by the Arms Export Control Act (22 U.S.C. 2751 et seq.) 
and may not be exported to foreign persons without prior written approval from 
the U.S. Department of State."

gpsd.log_retry
Description: Binary data

gpsd.log2_retry
Description: Binary data

smime.p7s
Description: S/MIME cryptographic signature