Hello

I looked at the full list of warnings. It doesn't look like this tool
will be very useful to hwloc. Many warnings are false positives caused by
the lack of precise control flow analysis (dead code, leaks). Also the
report isn't precise enough to explain which control-flow would actually
cause a leak. Coverity Scan does a much better job at detecting and
reporting these and I already try to fix all warnings it reports.

Also the tool lacks some understanding of how some APIs work. For
instance it knows posix_memalign() allocates things but doesn't know
that it doesn't allocate when it returns non-0. Or it complains about
pthread_mutex() return values without looking at how we initialized the
mutex.

Finally some warnings seem Microsoft-specific :)
Function 'memcpy' is deprecated. Replace with more secure equivalent
like 'memcpy_s', add missing logic, or re-architect.
Function 'sprintf' is deprecated. Replace with more secure equivalent
like 'sprintf_s', add missing logic, or re-architect.

Coverity lets you mark some warnings as false-positive so that next runs
don't report them. If you can hide all the above, we could look at the
remaining ones. But right now there are so many warnings that it's hard
to focus on the real bugs :/

Brice



On 12/01/2016 14:26, Odzioba, Lukasz wrote:
> Hi,
> I use Klocwork, which doesn't mean it is better; it just reports a different 
> subset of potential errors.
>
> Ignoring malloc errors is your design decision, I don't mind it. 
> From a debugging perspective it makes it easier to track it down since you have 
> a null ptr dereference somewhere near malloc.
> Malloc might start failing as well as just fail once in the process life (i.e. 
> some other process requested free memory for a short period of time); if an 
> app is able to survive, it's nice; if not, then well, we have to live with that.
>
> Thanks,
> Lukas
>
>
> -----Original Message-----
> From: hwloc-devel [mailto:hwloc-devel-boun...@open-mpi.org] On Behalf Of 
> Brice Goglin
> Sent: Tuesday, January 12, 2016 12:57 PM
> To: hwloc-de...@open-mpi.org
> Subject: Re: [hwloc-devel] Static analysis
>
> Hello
>
> We're running Coverity every night and I try to address most of what it
> reports (except the netloc/ directory git master which still needs a lot
> of work). What tool do you use?
>
> It's true we don't check malloc() return values in many cases (hopefully
> only the small allocations), mostly because we're lazy (and also because
> many other things would go wrong when malloc starts failing :/)
>
> Brice
>
>
>
> On 12/01/2016 12:23, Odzioba, Lukasz wrote:
>> Hi,
>> The static analysis tool we use has found quite a lot of potential issues in 
>> hwloc.
>> Most of them are of the type "NULL ptr dereference", i.e. when a pointer is not 
>> checked for null after allocation, but there are some more interesting cases 
>> as well.
>> My team distributes hwloc as a part of software package and we could just 
>> ignore those, but I wanted to let you know in case you are interested in 
>> fixing some or all of them.
>>
>> Please let me know if you would like to get a full list, so I'll prepare it.
>>
>> Thanks,
>> Lukas
>>
>> _______________________________________________
>> hwloc-devel mailing list
>> hwloc-de...@open-mpi.org
>> Subscription: http://www.open-mpi.org/mailman/listinfo.cgi/hwloc-devel
>> Link to this post: 
>> http://www.open-mpi.org/community/lists/hwloc-devel/2016/01/4698.php
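
Added example, not part of the thread and not hwloc code: a C sketch of the two allocation patterns discussed above, the posix_memalign() failure path (non-zero return, nothing allocated, nothing to free) and a malloc() result checked before use. The helper names aligned_zalloc and checked_strdup are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for posix_memalign() */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper. Returns 0 and stores a zeroed, aligned buffer in *out,
 * or returns the posix_memalign() error code and stores NULL in *out.
 * On a non-zero return nothing was allocated, so the error path has
 * nothing to free: returning here is not a leak. */
int aligned_zalloc(void **out, size_t alignment, size_t size)
{
    void *p = NULL;
    int err = posix_memalign(&p, alignment, size);
    if (err != 0) {
        *out = NULL;              /* do not rely on p after a failure */
        return err;               /* EINVAL or ENOMEM */
    }
    memset(p, 0, size);
    *out = p;
    return 0;
}

/* Hypothetical helper: copy a string with the malloc() result checked, so a
 * failed allocation is reported to the caller instead of dereferencing NULL. */
char *checked_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return NULL;
    memcpy(copy, s, n);           /* n is exactly the size allocated */
    return copy;
}

int main(void)
{
    void *buf;
    int err = aligned_zalloc(&buf, 3, 128);   /* 3 is not a valid alignment */
    printf("alignment 3:  err=%d buf=%p\n", err, buf);
    err = aligned_zalloc(&buf, 64, 128);
    printf("alignment 64: err=%d aligned=%d\n", err,
           (int)((uintptr_t)buf % 64 == 0));
    free(buf);
    return 0;
}
```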
