Nathan, Just a caveat; those Coverity comments do not always work – at least didn’t when we started using Coverity. They have plausibly improved things in the analyzer since but I have not seen that; I would be interested to see if it is effective once patches are merged and my twice daily submission runs, so let me know!
For example, I did setup a modeling file<https://scan.coverity.com/projects/fd-io-vpp/model_file> that has fake versions of key macros to mark certain data as safe (eg, if we inspect an interface index with VALIDATE_SW_IF_INDEX or variants of, we can assume the index is now safe) but I did not find that to be effective at the time, so did not make it any more complete. If that now works, this would be a better way to handle most tainted data errors – the validation macros/functions squelch the complaint. Chris. From: [email protected] <[email protected]> On Behalf Of Nathan Skrzypczak Sent: Friday, September 11, 2020 04:45 To: Andrew Yourtchenko <[email protected]> Cc: vpp-dev <[email protected]> Subject: [EXTERNAL] Re: [vpp-dev] Please look at coverity defects in preparation for VPP 20.09 before Monday Hi Andrew, Hi all, Thanks for the coverity reminder and good luck with release work Andrew ! Just sharing some info for fixing coverity warnings as it was surprisingly difficult to find. The checker's reference can be found here [1]. False positive can *apparently* be silenced with comments, e.g. : /* coverity [COPY_PASTE_ERROR] */ u8 ab->ba.ab.ba<https://urldefense.com/v3/__http:/ba.ab.ba__;!!CQl3mcHX2A!WZ6BI2nKiAyyj0Pfi5YgF8Rdz-AuHM_ks3F7LzE_xGsFvtqbMZQh2HQeC3r124DCcg$> = 1; /* coverity[ -tainted_data_argument : arg-0 ] */ recvmsg (...); Hope this helps Cheers -Nathan [1] https://scan9.coverity.com/doc/en/cov_checker_ref.html<https://urldefense.com/v3/__https:/scan9.coverity.com/doc/en/cov_checker_ref.html__;!!CQl3mcHX2A!WZ6BI2nKiAyyj0Pfi5YgF8Rdz-AuHM_ks3F7LzE_xGsFvtqbMZQh2HQeC3p01mkguw$> Le jeu. 10 sept. 2020 à 17:10, Andrew Yourtchenko <[email protected]<mailto:[email protected]>> a écrit : Dear developers, In preparation for the 20.09 release - could you please take a look at the Coverity report and address the outstanding issues in "your" areas of the code. To do so: go to https://scan.coverity.com/projects/fd-io-vpp<https://urldefense.com/v3/__https:/scan.coverity.com/projects/fd-io-vpp__;!!CQl3mcHX2A!WZ6BI2nKiAyyj0Pfi5YgF8Rdz-AuHM_ks3F7LzE_xGsFvtqbMZQh2HQeC3pu-_Jesg$>, login, then hit "view defects" button on the top right. There are currently 18 defects as seen there. Each Coverity issue corresponds to a defect. We need to have this number to be 0 by RC2, so on Monday I will start contacting the folks personally with either a "thank you" note if that issue has already taken care of between now and then, or a request to open a JIRA ticket so that it can be tracked and mentioned in the release notes for 20.09 as a known issue. I'd obviously prefer the former, it's less work for everyone and the users will be happier with the result. :-) So - thanks a lot in advance for spending some of your cycles tomorrow and squashing all of the outstanding defects ! --a /* your friendly 20.0Segmentation fault (core dumped)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17375): https://lists.fd.io/g/vpp-dev/message/17375 Mute This Topic: https://lists.fd.io/mt/76781568/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
