+1, would be good to have Coverity run regularly. I think by now Python, Java and other languages are supported. FYI - If you ever run into problems with scan, let me know. I used to work at Coverity (now Synopsys) before joining AWS. Steffen
On Fri, Nov 2, 2018 at 3:43 PM Lin Yuan <apefor...@gmail.com> wrote: > Anton, > > Yes, I did a scan using Coverity on MXNet a few months ago. It did show > some memory issues. I was later buried by other work with higher priority > and would definitely like to see Coverity (or any other better memory scan) > tool to be run regularly on MXNet backend. > > Let me know if you want to discuss further on this topic. I would like to > provide as much help as I can. > > Best, > > Lin > > On Fri, Nov 2, 2018 at 3:15 PM kellen sunderland < > kellen.sunderl...@gmail.com> wrote: > > > Totally agree Pedro, reporting the data in a more accessible way would > be a > > huge improvement. For this reason alone I think it might be worthwhile > > adopting coverity. > > > > On Fri, Nov 2, 2018, 11:38 AM Pedro Larroy <pedro.larroy.li...@gmail.com > > wrote: > > > > > Thanks a lot, I think is very beneficial that we invest in these kind > of > > > tooling for code quality. As a developer I wonder, do we have > actionable > > > items for looking at / fixing these issues or right now is done in an > > > informational / good will basis? > > > > > > Is there a way to colorize this output? > > > > > > Pedro. > > > > > > On Fri, Nov 2, 2018 at 5:10 PM kellen sunderland < > > > kellen.sunderl...@gmail.com> wrote: > > > > > > > Reference scan here (I believe I also count 5 memory violations): > > > > > > > > > > > > > > http://jenkins.mxnet-ci.amazon-ml.com/blue/rest/organizations/jenkins/pipelines/incubator-mxnet/branches/master/runs/1856/nodes/104/log/?start=0 > > > > > > > > -Kellen > > > > > > > > On Fri, Nov 2, 2018 at 9:07 AM kellen sunderland < > > > > kellen.sunderl...@gmail.com> wrote: > > > > > > > > > Hey Anton, can you provide a sample scan? I'm interested to see if > > it > > > > > catches different memory access violations, or if it gets the same > > ones > > > > > we've already seen reported by clang-tidy. For example are these > > > > > violations in the reports: > > > > > ------------------------------ > > > > > > > "/work/mxnet/3rdparty/dmlc-core/include/dmlc/concurrentqueue.h:3443:24: > > > > > warning: Access to field 'capacity' results in a dereference of a > > null > > > > > pointer (loaded from variable 'mainHash') > > > > > [clang-analyzer-core.NullDereference]" > > > > > > > > > > --------------------------- > > > > > > > > > > /work/mxnet/3rdparty/mshadow/mshadow/./tensor.h:64:23: warning: > > > Assigned > > > > value is garbage or undefined > > [clang-analyzer-core.uninitialized.Assign] > > > > > this->shape_[i] = s[i];" > > > > > > > > > > ------------------------- > > > > > > > > > > > > > > > > > > > > > > > > > /usr/bin/../lib/gcc/x86_64-linux-gnu/8.0.1/../../../../include/c++/8.0.1/ext/atomicity.h:67:29: > > > > warning: Use of memory after it is freed > > > > [clang-analyzer-cplusplus.NewDelete] > > > > > > > > > > -------------------------- > > > > > > > > > > -Kellen > > > > > > > > > > > > > > > > > > > > On Fri, Nov 2, 2018 at 2:20 AM Anton Chernov <mecher...@gmail.com> > > > > wrote: > > > > > > > > > >> Dear MXNet community, > > > > >> > > > > >> I had investigated the possibility to adopt Coverity static > analysis > > > > tools > > > > >> for the MXNet project and it turned out that there is a tool > > provided > > > by > > > > >> Synopsys for open-source projects: > > > > >> > > > > >> https://scan.coverity.com > > > > >> > > > > >> The tool works nicely with GitHub [1] and I found that a scan for > a > > > fork > > > > >> (from @apeforest) [2] was already set up. I can not tell how long > > ago > > > > the > > > > >> scan was performed, but at the time of writing the project page > > shows > > > 5 > > > > >> illegal memory access errors, that I think would be worth > > > investigating. > > > > >> > > > > >> If there is interest I would suggest that we would setup a > Coverity > > > scan > > > > >> for the main repository instead of a fork and people that have > > > interest > > > > >> managing and fixing issues would request add them to the project. > > > > >> > > > > >> I would appreciate feedback for this proposal and help from people > > > > having > > > > >> rights for the main repository to set things up. > > > > >> > > > > >> Best regards, > > > > >> Anton > > > > >> > > > > >> [1] https://scan.coverity.com/github > > > > >> [2] https://scan.coverity.com/projects/apeforest-incubator-mxnet > > > > >> > > > > > > > > > > > > > > >
