As an aside, I notice that they seem to have enabled scanning of Java
projects as well as C++ now... we should maybe look to see what a coverity
scan of the Java code looks like

-- Rob


On 2 July 2013 16:16, Ken Giusti <kgiu...@redhat.com> wrote:

> Hi Steve,
>
> I've made a minor code change that seems to eliminate those locking false
> positives:
>
> http://svn.apache.org/viewvc?view=revision&revision=1498926
>
> I've tried it against a local installation of Coverity.  When you have a
> chance, can you kick off a coverity scan of upstream and see if we get the
> same results?  If it eliminates the false positives, I'd consider
> Coverity's behavior buggy and would like to report it.
>
> BTW, I had no luck coming up with a model that would fix the issue.  The
> tools don't give any (obvious) feedback as to how it's interpreting the
> model - or any way that I could find that would enable debugging of the
> model to find out what it was actually doing.
>
> -K
>
>
> ----- Original Message -----
> > From: "Ken Giusti" <kgiu...@redhat.com>
> > To: dev@qpid.apache.org
> > Cc: shus...@riverace.com
> > Sent: Monday, July 1, 2013 6:46:55 PM
> > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid
> >
> > Ok - I'll give it a go, stay tuned.
> >
> > -K
> >
> > ----- Original Message -----
> > > From: "Steve Huston" <shus...@riverace.com>
> > > To: dev@qpid.apache.org
> > > Sent: Monday, July 1, 2013 2:32:14 PM
> > > Subject: RE: New Defects reported by Coverity Scan for Apache-Qpid
> > >
> > > Yes, there is a way - I can do it, probably because I'm the admin for
> the
> > > project. If you create one, I'll set it up.
> > >
> > > > -----Original Message-----
> > > > From: Ken Giusti [mailto:kgiu...@redhat.com]
> > > > Sent: Monday, July 01, 2013 2:11 PM
> > > > To: dev@qpid.apache.org
> > > > Subject: Re: New Defects reported by Coverity Scan for Apache-Qpid
> > > >
> > > > Hi Steve,
> > > >
> > > > I've marked that particular error as "false positive" in Coverity
> > > > Connect,
> > > > but
> > > > from what I can tell, the "right" way to fix such lock wrapper
> classes is
> > > > to
> > > > create a "model" for those wrapper classes.  There's some
> documentation
> > > > here:
> > > >
> > > >
> http://scan5.coverity.com:8080/docs/en/cov_checker_ref.html#static_c_ch
> > > > ecker_LOCK
> > > >
> > > >
> > > > Is there a way to configure a model file for the coverity checker?  A
> > > > quick
> > > > look
> > > > at our project page on the coverity web site didn't seem to allow
> that.
> > > >
> > > >
> > > > ----- Original Message -----
> > > > > From: "Steve Huston" <shus...@riverace.com>
> > > > > To: dev@qpid.apache.org
> > > > > Sent: Monday, July 1, 2013 1:18:58 PM
> > > > > Subject: RE: New Defects reported by Coverity Scan for Apache-Qpid
> > > > >
> > > > > I agree, Ken. If anyone knows how to make Coverity stop this,
> please
> > > > > let me know. Else I'll check into it. I know there are a few ways
> to
> > > > > mark things as false positive.
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Ken Giusti [mailto:kgiu...@redhat.com]
> > > > > > Sent: Monday, July 01, 2013 1:17 PM
> > > > > > To: Qpid Dev
> > > > > > Subject: Re: New Defects reported by Coverity Scan for
> Apache-Qpid
> > > > > >
> > > > > > Unless I'm missing something subtle, this appears to be a false
> > > > > > positive.
> > > > > >
> > > > > > Coverity marked a few uses of ScopedLock with this error, but not
> > > > > > all, which seems curious.
> > > > > >
> > > > > > -K
> > > > > >
> > > > > >
> > > > > > ----- Forwarded Message -----
> > > > > > > From: scan-ad...@coverity.com
> > > > > > > To: dev@qpid.apache.org
> > > > > > > Sent: Sunday, June 30, 2013 5:39:43 PM
> > > > > > > Subject: New Defects reported by Coverity Scan for Apache-Qpid
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > >
> > > > > >
> > > > __________________________________________________________
> > > > > > ____________
> > > > > > > __
> > > > > > > CID 1040637: Missing unlock (LOCK)
> > > > > > >
> > > > > > >
> > > > /qpidbuilds/trunk/qpid/cpp/src/qpid/broker/amqp_0_10/Connection.cpp:
> > > > > > > 379 (
> > > > > > > lock)
> > > > > > >    376
> > > > > > >    377    void Connection::doIoCallbacks() {
> > > > > > >    378        if (!isOpen()) return; // Don't process IO
> callbacks
> > > > > > >    until
> > > > > > >    we
> > > > > > >    are open.
> > > > > > > >>>
> > > > > >
> "qpid::sys::ScopedLock<qpid::sys::Mutex>::ScopedLock(qpid::sys::Mute
> > > > > > x
> > > > > > &)"
> > > > > > > >>> locks "this->ioCallbackLock.mutex".
> > > > > > >    379        ScopedLock<Mutex> l(ioCallbackLock);
> > > > > > >    380        while (!ioCallbacks.empty()) {
> > > > > > >    381            boost::function0<void> cb =
> ioCallbacks.front();
> > > > > > >    382            ioCallbacks.pop();
> > > > > > >    383            ScopedUnlock<Mutex> ul(ioCallbackLock);
> > > > > > >
> > > > > > >
> > > > > > >
> > > > /qpidbuilds/trunk/qpid/cpp/src/qpid/broker/amqp_0_10/Connection.cpp:
> > > > > > > 386 (
> > > > > > > missing_unlock)
> > > > > > >    383            ScopedUnlock<Mutex> ul(ioCallbackLock);
> > > > > > >    384            cb(); // Lend the IO thread for management
> > > > > > >    processing
> > > > > > >    385        }
> > > > > > > >>> CID 1040637: Missing unlock (LOCK) Returning without
> unlocking
> > > > > > > >>> "this->ioCallbackLock.mutex".
> > > > > > >    386    }
> > > > > > >    387
> > > > > > >    388    bool Connection::doOutput() {
> > > > > > >    389        try {
> > > > > > >    390            doIoCallbacks();
> > > > > > >
> > > > > > >
> > > > > >
> > > > __________________________________________________________
> > > > > > ____________
> > > > > > > __ To view the defects in Coverity Scan visit,
> > > > > > > http://scan.coverity.com
> > > > > > >
> > > > > > > To unsubscribe from the email notification for new defects,
> > > > > > > http://scan5.coverity.com/cgi-bin/unsubscribe.py
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> --------------------------------------------------------------------
> > > > > > - To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For
> > > > > > additional commands, e-mail: dev-h...@qpid.apache.org
> > > > >
> > > > >
> > > > >
> ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For
> additional
> > > > > commands, e-mail: dev-h...@qpid.apache.org
> > > > >
> > > >
> > > > --
> > > > -K
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For
> additional
> > > > commands, e-mail: dev-h...@qpid.apache.org
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
> > > For additional commands, e-mail: dev-h...@qpid.apache.org
> > >
> >
> > --
> > -K
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
> > For additional commands, e-mail: dev-h...@qpid.apache.org
> >
> >
>
> --
> -K
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org
> For additional commands, e-mail: dev-h...@qpid.apache.org
>
>

Reply via email to