From: Jeff King <peff@peff.net>
To: Johannes Schindelin <Johannes.Schindelin@gmx.de>
Cc: Taylor Blau <me@ttaylorr.com>, Junio C Hamano <gitster@pobox.com>,
	git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2021, #02; Wed, 6)
Date: Fri, 8 Oct 2021 17:32:39 -0400
Message-ID: <YWC49+xCh+zum8Ms@coredump.intra.peff.net>
In-Reply-To: <nycvar.QRO.7.76.6.2110080946060.395@tvgsbejvaqbjf.bet>

On Fri, Oct 08, 2021 at 09:51:33AM +0200, Johannes Schindelin wrote:

> > Sort of. They basically wrap the "make" invocation to intercept "cc". My
> > understanding is that their faux-compiler is mostly about gathering data
> > about the code. That gets stuffed into a tarball and uploaded to their
> > servers, where the real analysis happens.
> >
> > It's very black-box, which I don't love. But in my experience it
> > produces by far the most useful static-analysis output of any tool I've
> > seen.
> 
> It is pretty black box, but I have to disagree that the static analysis
> output is very useful. The majority are false positives about
> strbuf/strvec type usage of a static, fixed-size array that is dynamically
> replaced by a dynamically-allocated array. Coverity misses that subtlety
> and reports out-of-bounds accesses.

Yes, I remember skipping past quite a few of those.

To be clear, I don't claim that its output is amazing. Only that it has
produced actionable output on many occasions. Grepping commit messages
for "Coverity" turns up several hits (many from you :) ). Most of those
are leak fixes, and I do think we have better options there. But I
recall it detecting some hard-to-find memory and logic errors, too.

> Granted, I worked around those (I thought) by using the
> `-DFLEX_ARRAY=65536` trick, but I guess that is either not working as
> designed, or it stopped working at some stage.
> 
> FWIW I have set up an Azure Pipeline to keep Git for Windows' `main`
> branch covered by Coverity:
> 
> https://dev.azure.com/git-for-windows/git/_build?definitionId=35
> 
> It essentially calls into this scripted code:
> https://github.com/git-for-windows/build-extra/blob/4676f286a1ec830a5038b32400808a353dc6c48d/please.sh#L1820-L1915

Do you have any objection to adding something like the Action I showed
earlier? It would do nothing in git-for-windows/git unless you set up
the right environment, so there shouldn't be any downside.

I admit I was not really planning to try to suppress the false positives
as you've done here; my plan was to just keep an eye on the "new"
entries (having already gone through the existing ones years ago).

-Peff
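The false positive Johannes describes comes from the "slopbuf" pattern that git's strbuf uses: a fresh buffer points at a one-byte static array holding a NUL, and the first write swaps in a heap allocation. A static analyzer that only looks at the declared size of the static array reports out-of-bounds writes, because the invariant that makes the writes safe (the static array is never written through; `alloc == 0` means "still on the slopbuf") lives in the runtime logic, not in the types. The following is an added, self-contained reimplementation of that pattern written for this thread; it is not git's strbuf code, and the names `gbuf`, `gbuf_grow`, `gbuf_add`, `gbuf_release` and `gbuf_invariant_ok` are my own. It shows the invariant explicitly and checks it at each state transition, which is exactly the reasoning a tool has to reconstruct before it can stop flagging the pattern.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One-byte static sentinel, in the style of git's strbuf slopbuf.
 * It holds a single '\0' so an empty buffer is a valid C string, and
 * it must never be written to or passed to realloc()/free(). */
static char slopbuf[1];

struct gbuf {
    size_t alloc; /* heap bytes owned by buf; 0 means buf == slopbuf */
    size_t len;   /* bytes in use, excluding the terminating NUL */
    char *buf;
};

#define GBUF_INIT { 0, 0, slopbuf }

/* Ensure room for `extra` more bytes plus the NUL, leaving the slopbuf
 * behind on the first growth. The invariant "alloc == 0 implies
 * len == 0 and buf == slopbuf" is what makes this safe. */
void gbuf_grow(struct gbuf *sb, size_t extra)
{
    size_t need = sb->len + extra + 1;
    if (need <= sb->alloc)
        return;
    if (sb->alloc == 0)
        sb->buf = NULL; /* do not hand the static slopbuf to realloc() */
    while (sb->alloc < need)
        sb->alloc = sb->alloc ? sb->alloc * 2 : 16;
    sb->buf = realloc(sb->buf, sb->alloc);
    if (!sb->buf)
        abort();
    sb->buf[sb->len] = '\0'; /* fresh allocation: len is 0, terminate it */
}

/* Append n bytes; every write goes to heap memory, never to slopbuf. */
void gbuf_add(struct gbuf *sb, const char *data, size_t n)
{
    gbuf_grow(sb, n);
    memcpy(sb->buf + sb->len, data, n);
    sb->len += n;
    sb->buf[sb->len] = '\0';
}

/* Free heap storage (if any) and return to the slopbuf state. */
void gbuf_release(struct gbuf *sb)
{
    if (sb->alloc)
        free(sb->buf);
    sb->alloc = 0;
    sb->len = 0;
    sb->buf = slopbuf;
}

/* The property an analyzer must infer to see the writes above as safe:
 * while buf is the slopbuf nothing has been written, and once on the
 * heap there is always room for the NUL past len. Returns 1 if it holds. */
int gbuf_invariant_ok(const struct gbuf *sb)
{
    if (sb->buf == slopbuf)
        return sb->alloc == 0 && sb->len == 0 && slopbuf[0] == '\0';
    return sb->alloc > sb->len;
}

/* Walk a buffer through empty -> heap-backed -> released, checking the
 * invariant at each step. Returns 1 on success, 0 on any violation. */
int gbuf_demo(void)
{
    struct gbuf sb = GBUF_INIT;
    int ok = gbuf_invariant_ok(&sb) && sb.buf[0] == '\0';

    gbuf_add(&sb, "hello, ", 7);
    gbuf_add(&sb, "coverity", 8);
    ok = ok && gbuf_invariant_ok(&sb) && sb.buf != slopbuf
         && sb.len == 15 && strcmp(sb.buf, "hello, coverity") == 0;

    gbuf_release(&sb);
    ok = ok && gbuf_invariant_ok(&sb) && sb.buf == slopbuf;
    return ok;
}

int main(void)
{
    int ok = gbuf_demo();
    printf("%s\n", ok ? "slopbuf invariant held" : "FAIL");
    return ok ? 0 : 1;
}
```

The two things a checker has to see are the `alloc == 0` guard in `gbuf_grow` (so the static array is never passed to `realloc`) and the fact that `len` is zero whenever `buf` still points at `slopbuf` (so no `memcpy` ever targets it). Tools that reason per-function about the declared one-byte size of `slopbuf` cannot connect those two facts, which is why a `-D` override that enlarges the static array is the usual way to quiet them.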
