Chris, this is very interesting - i was under the impression that coverity operates post-macro expansion (and thus should see the check within VALIDATE_SW_IF_INDEX)... is it not the case, or am I missing something else ?
--a > On 11 Sep 2020, at 17:06, Luke, Chris <[email protected]> wrote: > > > Nathan, > > Just a caveat; those Coverity comments do not always work – at least didn’t > when we started using Coverity. They have plausibly improved things in the > analyzer since but I have not seen that; I would be interested to see if it > is effective once patches are merged and my twice daily submission runs, so > let me know! > > For example, I did setup a modeling file that has fake versions of key macros > to mark certain data as safe (eg, if we inspect an interface index with > VALIDATE_SW_IF_INDEX or variants of, we can assume the index is now safe) but > I did not find that to be effective at the time, so did not make it any more > complete. If that now works, this would be a better way to handle most > tainted data errors – the validation macros/functions squelch the complaint. > > Chris. > > From: [email protected] <[email protected]> On Behalf Of Nathan Skrzypczak > Sent: Friday, September 11, 2020 04:45 > To: Andrew Yourtchenko <[email protected]> > Cc: vpp-dev <[email protected]> > Subject: [EXTERNAL] Re: [vpp-dev] Please look at coverity defects in > preparation for VPP 20.09 before Monday > > Hi Andrew, Hi all, > > Thanks for the coverity reminder and good luck with release work Andrew ! > > Just sharing some info for fixing coverity warnings as it was surprisingly > difficult to find. > The checker's reference can be found here [1]. False positive can > *apparently* be > silenced with comments, e.g. : > > /* coverity [COPY_PASTE_ERROR] */ > u8 ab->ba.ab.ba = 1; > > /* coverity[ -tainted_data_argument : arg-0 ] */ > recvmsg (...); > > Hope this helps > Cheers > > -Nathan > [1] https://scan9.coverity.com/doc/en/cov_checker_ref.html > > Le jeu. 10 sept. 2020 à 17:10, Andrew Yourtchenko <[email protected]> a > écrit : > Dear developers, > > In preparation for the 20.09 release - could you please take a look at > the Coverity report and address the outstanding issues in "your" areas > of the code. > > To do so: go to https://scan.coverity.com/projects/fd-io-vpp, login, > then hit "view defects" button on the top right. > > There are currently 18 defects as seen there. > > Each Coverity issue corresponds to a defect. > > We need to have this number to be 0 by RC2, so on Monday I will start > contacting the folks personally with either a "thank you" note if that > issue has already taken care of between now and then, or a request to > open a JIRA ticket so that it can be tracked and mentioned in the > release notes for 20.09 as a known issue. I'd obviously prefer the > former, it's less work for everyone and the users will be happier with > the result. :-) > > So - thanks a lot in advance for spending some of your cycles tomorrow > and squashing all of the outstanding defects ! > > --a /* your friendly 20.0Segmentation fault (core dumped)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#17376): https://lists.fd.io/g/vpp-dev/message/17376 Mute This Topic: https://lists.fd.io/mt/76781568/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
